Re: [PATCH] don't allow CAP_NET_ADMIN to load non-netdev kernel modules

From: David Miller
Date: Fri Feb 25 2011 - 14:15:35 EST

From: Ben Hutchings <bhutchings@xxxxxxxxxxxxxx>
Date: Fri, 25 Feb 2011 19:07:59 +0000

> You realise that module loading doesn't actually run in the context of
> request_module(), right?

Why is that a barrier? We could simply pass a capability mask into
request_module if necessary.

It's an implementation detail, and not a deterrent to my suggested