Re: [PATCH] don't allow CAP_NET_ADMIN to load non-netdev kernel modules

From: David Miller
Date: Fri Feb 25 2011 - 14:15:35 EST


From: Ben Hutchings <bhutchings@xxxxxxxxxxxxxx>
Date: Fri, 25 Feb 2011 19:07:59 +0000

> You realise that module loading doesn't actually run in the context of
> request_module(), right?

Why is that a barrier? We could simply pass a capability mask into
request_module if necessary.

It's an implementation detail, and not a deterrent to my suggested
scheme.