git.baikalelectronics.ru Git - kernel.git/commit
SELinux: add selinux_kernel_module_request
author Eric Paris <eparis@redhat.com>
Thu, 13 Aug 2009 13:45:03 +0000 (09:45 -0400)
committer James Morris <jmorris@namei.org>
Fri, 14 Aug 2009 01:18:40 +0000 (11:18 +1000)
commit b1864f9501312e25115955b7fea10bfc26decfef
tree 7fb462945c15ce09392ae858c8ae757290b5ed2d
parent 8f7b1a97b443ecd2c3dbb819ac2ce417017c73f8
SELinux: add selinux_kernel_module_request

This patch adds a new selinux hook so SELinux can arbitrate if a given
process should be allowed to trigger a request for the kernel to try to
load a module.  This is a different operation than a process trying to load
a module itself, which is already protected by CAP_SYS_MODULE.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
security/selinux/hooks.c
security/selinux/include/av_perm_to_string.h
security/selinux/include/av_permissions.h