Re: [PATCH v3 1/2] modules:capabilities: automatic module loading restriction

From: Andy Lutomirski
Date: Wed Apr 19 2017 - 19:16:51 EST

Next message: Cyrille Pitchen: "Re: [PATCH v7 1/4] mtd: spi-nor: introduce SPI 1-2-2 and SPI 1-4-4 protocols"
Previous message: Andy Lutomirski: "Re: [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction"
In reply to: Djalal Harouni: "[PATCH v3 1/2] modules:capabilities: automatic module loading restriction"
Next in thread: Ben Hutchings: "Re: [PATCH v3 1/2] modules:capabilities: automatic module loading restriction"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 19, 2017 at 3:20 PM, Djalal Harouni <tixxdz@xxxxxxxxx> wrote:
> Currently, an explicit call to load or unload kernel modules require
> CAP_SYS_MODULE capability. However unprivileged users have always been
> able to load some modules using the implicit auto-load operation. An
> automatic module loading happens when programs request a kernel feature
> from a module that is not loaded. In order to satisfy userspace, the
> kernel then automatically load all these required modules.

I like this feature.

--Andy

Next message: Cyrille Pitchen: "Re: [PATCH v7 1/4] mtd: spi-nor: introduce SPI 1-2-2 and SPI 1-4-4 protocols"
Previous message: Andy Lutomirski: "Re: [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction"
In reply to: Djalal Harouni: "[PATCH v3 1/2] modules:capabilities: automatic module loading restriction"
Next in thread: Ben Hutchings: "Re: [PATCH v3 1/2] modules:capabilities: automatic module loading restriction"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]