mirror of
https://github.com/Fishwaldo/Star64_linux.git
synced 2025-06-27 09:02:06 +00:00
kexec_load: Disable at runtime if the kernel is locked down
The kexec_load() syscall permits the loading and execution of arbitrary code in ring 0, which is something that lock-down is meant to prevent. It makes sense to disable kexec_load() in this situation.

This does not affect kexec_file_load() syscall which can check for a signature on the image to be booted.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Acked-by: Dave Young <dyoung@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
cc: kexec@lists.infradead.org
Signed-off-by: James Morris <jmorris@namei.org>
parent 9b9d8dda1e
commit 7d31f4602f
3 changed files with 10 additions and 0 deletions
@ -105,6 +105,7 @@ enum lockdown_reason {
|
|||
LOCKDOWN_NONE,
|
||||
LOCKDOWN_MODULE_SIGNATURE,
|
||||
LOCKDOWN_DEV_MEM,
|
||||
LOCKDOWN_KEXEC,
|
||||
LOCKDOWN_INTEGRITY_MAX,
|
||||
LOCKDOWN_CONFIDENTIALITY_MAX,
|
||||
};
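Review bot: The position of LOCKDOWN_KEXEC in enum lockdown_reason, above LOCKDOWN_INTEGRITY_MAX, is what classes it as an integrity-level reason, but nothing in the enum says that ordering is significant. A one-line comment above the enum (or next to the two *_MAX sentinels) stating that entries must be placed before the sentinel of the level they belong to would keep later additions from landing in the wrong group. This page shows only one of the 3 changed files, so the kexec_load() check itself and any table indexed by this enum are not visible here; confirm that each gets a matching entry for the new value. The commit message exempts kexec_file_load() because it "can check for a signature", which holds only where that check is actually enforced; it would be worth stating in the message whether a later patch makes it mandatory under lockdown.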