On Mon, 29 Apr 2002, Rolf Fokkens wrote:
> This patch adds the option op locking module operations, which
> means that no more insmod en rmmod operations are possible. This
> hopefully satisfies some security requirements that state that no
> modularized kernels should be used to be really safe in some
> environents.
you're describing exactly the bahaviour or using capabilities.
see the capable(CAP_SYS_MODULE) calls you removed with your patch.
tm
-- in some way i do, and in some way i don't.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Apr 30 2002 - 22:00:16 EST