[Fedora 16/19] kexec: Remove the loading restrictions of secure_modules() now

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Now we have the capability to load only that code which is signed using
sys_kexec(). so there is no need to disable kexec when secure_modules is
enabled.

Signed-off-by: Vivek Goyal <vgoyal@xxxxxxxxxx>
---
 kernel/kexec.c | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/kernel/kexec.c b/kernel/kexec.c
index f15e302..a801d10 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -966,13 +966,6 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
 	if (!capable(CAP_SYS_BOOT))
 		return -EPERM;
 
-	/*
-	 * kexec can be used to circumvent module loading restrictions, so
-	 * prevent loading in that case
-	 */
-	if (secure_modules())
-		return -EPERM;
-
 	result = check_task_signature();
 	if (result)
 		return result;
-- 
1.8.3.1

_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel
[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Tux]     [Yosemite News]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [USB]     [Asterisk PBX]

  Powered by Linux