Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (44 commits) nommu: Provide mmap_min_addr definition. TOMOYO: Add description of lists and structures. TOMOYO: Remove unused field. integrity: ima audit dentry_open failure TOMOYO: Remove unused parameter. security: use mmap_min_addr indepedently of security models TOMOYO: Simplify policy reader. TOMOYO: Remove redundant markers. SELinux: define audit permissions for audit tree netlink messages TOMOYO: Remove unused mutex. tomoyo: avoid get+put of task_struct smack: Remove redundant initialization. integrity: nfsd imbalance bug fix rootplug: Remove redundant initialization. smack: do not beyond ARRAY_SIZE of data integrity: move ima_counts_get integrity: path_check update IMA: Add __init notation to ima functions IMA: Minimal IMA policy and boot param for TCB IMA policy selinux: remove obsolete read buffer limit from sel_read_bool ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2009-06-11 13:01:41 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2009-06-11 13:01:41 -0400
commit: 3296ca27f50ecbd71db1d808c7a72d311027f919 (patch)
tree: 833eaa58b2013bda86d4bd95faf6efad7a2d5ca4 /kernel/module.c
parent: e893123c7378192c094747dadec326b7c000c190 (diff)
parent: 73fbad283cfbbcf02939bdbda31fc4a30e729cca (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/kernel/module.c b/kernel/module.c
index 2383e60fcf3f..278e9b6762bb 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -73,6 +73,9 @@ DEFINE_MUTEX(module_mutex);
 EXPORT_SYMBOL_GPL(module_mutex);
 static LIST_HEAD(modules);
+/* Block module loading/unloading? */
+int modules_disabled = 0;
 /* Waiting for a module to finish initializing? */
 static DECLARE_WAIT_QUEUE_HEAD(module_wq);
@@ -778,7 +781,7 @@ SYSCALL_DEFINE2(delete_module, const char __user *, name_user,
        char name[MODULE_NAME_LEN];
        int ret, forced = 0;
-        if (!capable(CAP_SYS_MODULE))
+        if (!capable(CAP_SYS_MODULE) || modules_disabled)
                return -EPERM;
        if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
@@ -2338,7 +2341,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
        int ret = 0;
        /* Must have permission */
-        if (!capable(CAP_SYS_MODULE))
+        if (!capable(CAP_SYS_MODULE) || modules_disabled)
                return -EPERM;
        /* Only one module load at a time, please */
author	Linus Torvalds <torvalds@linux-foundation.org>	2009-06-11 13:01:41 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2009-06-11 13:01:41 -0400
commit	3296ca27f50ecbd71db1d808c7a72d311027f919 (patch)
tree	833eaa58b2013bda86d4bd95faf6efad7a2d5ca4 /kernel/module.c
parent	e893123c7378192c094747dadec326b7c000c190 (diff)
parent	73fbad283cfbbcf02939bdbda31fc4a30e729cca (diff)