[PATCH v5 0/6] LSM: LoadPin for kernel file loading restrictions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This provides the mini-LSM "loadpin" that intercepts the now consolidated
kernel_file_read LSM hook so that a system can keep all loads coming from
a single trusted filesystem. This is what Chrome OS uses to pin kernel
module and firmware loading to the read-only crypto-verified dm-verity
partition so that kernel module signing is not needed.

-Kees

v5:
- replace enum-to-str code, mimi
v4:
- add missing "const" to char * src, joe
v3:
- changed module parameter to "loadpin.enabled"
- add sysctl docs, akpm
- add general use function for enum, zohar
- add gfp_t, joe
- clean up loops, andriy.shevchenko
- reduce BUG_ON to WARN_ON, joe
v2:
- break out utility helpers into separate functions
- have Yama use new helpers too

--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux