Re: [PATCH] don't allow CAP_NET_ADMIN to load non-netdev kernelmodules
From: David Miller
Date: Fri Feb 25 2011 - 14:15:35 EST
From: Ben Hutchings <bhutchings@xxxxxxxxxxxxxx>
Date: Fri, 25 Feb 2011 19:07:59 +0000
> You realise that module loading doesn't actually run in the context of
> request_module(), right?
Why is that a barrier? We could simply pass a capability mask into
request_module if necessary.
It's an implementation detail, and not a deterrant to my suggested
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/