1 files changed, 5 insertions, 2 deletions

diff --git a/kernel/module.c b/kernel/module.c
index e797812a4d95..cb3887e770e2 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -72,6 +72,9 @@ DEFINE_MUTEX(module_mutex);
 EXPORT_SYMBOL_GPL(module_mutex);
 static LIST_HEAD(modules);
 
+/* Block module loading/unloading? */
+int modules_disabled = 0;
+
 /* Waiting for a module to finish initializing? */
 static DECLARE_WAIT_QUEUE_HEAD(module_wq);
 
@@ -777,7 +780,7 @@ SYSCALL_DEFINE2(delete_module, const char __user *, name_user,
         char name[MODULE_NAME_LEN];
         int ret, forced = 0;
 
-        if (!capable(CAP_SYS_MODULE))
+        if (!capable(CAP_SYS_MODULE) || modules_disabled)
                 return -EPERM;
 
         if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
@@ -2336,7 +2339,7 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
         int ret = 0;
 
         /* Must have permission */
-        if (!capable(CAP_SYS_MODULE))
+        if (!capable(CAP_SYS_MODULE) || modules_disabled)
                 return -EPERM;
 
         /* Only one module load at a time, please */