Re: [PATCH 2/4] security: introduce kernel_module_from_file hook

From: James Morris
Date: Fri Oct 05 2012 - 06:18:29 EST


On Thu, 4 Oct 2012, Kees Cook wrote:

> Now that kernel module origins can be reasoned about, provide a hook to
> the LSMs to make policy decisions about the module file. This will let
> Chrome OS enforce that loadable kernel modules can only come from its
> read-only hash-verified root filesystem. Other LSMs can, for example,
> read extended attributes for signatures, etc.
>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> Acked-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxxxxx>
> Acked-by: Eric Paris <eparis@xxxxxxxxxx>
> Acked-by: Mimi Zohar <zohar@xxxxxxxxxx>

Acked-by: James Morris <james.l.morris@xxxxxxxxxx>


--
James Morris
<jmorris@xxxxxxxxx>