GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-06-23 07:01:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

LSM: LoadPin for kernel file loading restrictions

Browse source 
This LSM enforces that kernel-loaded files (modules, firmware, etc)
must all come from the same filesystem, with the expectation that
such a filesystem is backed by a read-only device such as dm-verity
or CDROM. This allows systems that have a verified and/or unchangeable
filesystem to enforce module and firmware loading restrictions without
needing to sign the files individually.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
This commit is contained in:
Kees Cook 2016-04-20 15:46:28 -07:00 committed by James Morris
parent 1284ab5b2d
commit 9b091556a0
9 changed files with 233 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
security/security.c
View file

@ -60,6 +60,7 @@ int __init security_init(void)
*/
capability_add_hooks();
yama_add_hooks();
loadpin_add_hooks();
/*
* Load all the remaining security modules.