Re: [kernel-hardening] Re: [PATCH v3 1/2] modules:capabilities: automatic module loading restriction

From: Djalal Harouni
Date: Thu Apr 20 2017 - 16:39:30 EST

Next message: Megha Dey: "[Patch V5 0/7] crypto: AES CBC multibuffer implementation"
Previous message: Hoan Tran: "Re: [PATCH 2/2] i2c: xgene-slimpro: Add ACPI support by using PCC mailbox"
In reply to: Ben Hutchings: "Re: [kernel-hardening] Re: [PATCH v3 1/2] modules:capabilities: automatic module loading restriction"
Next in thread: Kees Cook: "Re: [kernel-hardening] Re: [PATCH v3 1/2] modules:capabilities: automatic module loading restriction"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Apr 20, 2017 at 5:02 PM, Ben Hutchings <ben@xxxxxxxxxxxxxxx> wrote:
> On Thu, 2017-04-20 at 14:44 +0200, Djalal Harouni wrote:
>> > On Thu, Apr 20, 2017 at 4:22 AM, Ben Hutchings <ben@xxxxxxxxxxxxxxx> wrote:
>> > On Thu, 2017-04-20 at 00:20 +0200, Djalal Harouni wrote:
>> > [...]
[...]
>> modules_disabled is too restrictive and once set it can't be changed,
>> maybe that's why not all users use it.
>>
>> With modules_disabled=0 and modules_autoload=2
> [...]
>
> Hmm, OK. How about naming this modules_autoload_mode, then, so that
> it's obviously not a boolean?

Yes that's fine by me, kees already suggested to rename it to
"modules_autoload" I can change it to that if it's the best
suggestion!

Thanks!

> Ben.
>
> --
> Ben Hutchings
> It is easier to change the specification to fit the program than vice
> versa.
>

--
tixxdz

Next message: Megha Dey: "[Patch V5 0/7] crypto: AES CBC multibuffer implementation"
Previous message: Hoan Tran: "Re: [PATCH 2/2] i2c: xgene-slimpro: Add ACPI support by using PCC mailbox"
In reply to: Ben Hutchings: "Re: [kernel-hardening] Re: [PATCH v3 1/2] modules:capabilities: automatic module loading restriction"
Next in thread: Kees Cook: "Re: [kernel-hardening] Re: [PATCH v3 1/2] modules:capabilities: automatic module loading restriction"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]