Quoting Eric Paris (eparis@xxxxxxxxxx):
> Calling request_module() will trigger a userspace upcall which will load a
> new module into the kernel. This can be a dangerous event if the process
> able to trigger request_module() is able to control either the modprobe
> binary or the module binary. This patch adds a new security hook to
> request_module() which can be used by an LSM to control a process's ability
> to call request_module().

Is there a specific case in which you'd want to deny this ability from a
real task?

-serge