diff options
| author | Kees Cook <[email protected]> | 2009-04-02 15:49:29 -0700 |
|---|---|---|
| committer | James Morris <[email protected]> | 2009-04-03 11:47:11 +1100 |
| commit | 3d43321b7015387cfebbe26436d0e9d299162ea1 (patch) | |
| tree | bae6bd123c8f573e844a7af11c96eb5f6a73e0ee /net/lapb/lapb_in.c | |
| parent | 8a6f83afd0c5355db6d11394a798e94950306239 (diff) | |
modules: sysctl to block module loading
Implement a sysctl file that disables module-loading system-wide since
there is no longer a viable way to remove CAP_SYS_MODULE after the system
bounding capability set was removed in 2.6.25.
Value can only be set to "1", and is tested only if standard capability
checks allow CAP_SYS_MODULE. Given existing /dev/mem protections, this
should allow administrators a one-way method to block module loading
after initial boot-time module loading has finished.
Signed-off-by: Kees Cook <[email protected]>
Acked-by: Serge Hallyn <[email protected]>
Signed-off-by: James Morris <[email protected]>
Diffstat (limited to 'net/lapb/lapb_in.c')
0 files changed, 0 insertions, 0 deletions