[PATCH v3 1/2] modules:capabilities: automatic module loading restriction

Andy Lutomirski luto at kernel.org
Wed Apr 19 23:16:22 UTC 2017


On Wed, Apr 19, 2017 at 3:20 PM, Djalal Harouni <tixxdz at gmail.com> wrote:
> Currently, an explicit call to load or unload kernel modules requires
> CAP_SYS_MODULE capability. However unprivileged users have always been
> able to load some modules using the implicit auto-load operation. An
> automatic module loading happens when programs request a kernel feature
> from a module that is not loaded. In order to satisfy userspace, the
> kernel then automatically loads all these required modules.

I like this feature.

--Andy