SELinux: add selinux_kernel_module_request
author Eric Paris <eparis@redhat.com>
Thu, 13 Aug 2009 13:45:03 +0000 (09:45 -0400)
committer James Morris <jmorris@namei.org>
Fri, 14 Aug 2009 01:18:40 +0000 (11:18 +1000)
commit 25354c4fee169710fd9da15f3bb2abaa24dcf933
tree 7fb462945c15ce09392ae858c8ae757290b5ed2d
parent 9188499cdb117d86a1ea6b04374095b098d56936
SELinux: add selinux_kernel_module_request

This patch adds a new selinux hook so SELinux can arbitrate if a given
process should be allowed to trigger a request for the kernel to try to
load a module.  This is a different operation than a process trying to load
a module itself, which is already protected by CAP_SYS_MODULE.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
security/selinux/hooks.c
security/selinux/include/av_perm_to_string.h
security/selinux/include/av_permissions.h