LSM hook for module loading and unloading

Tamir Carmeli carmeli.tamir at gmail.com
Sat Dec 1 15:49:12 UTC 2018


Hi,
I believe that this is the right place to ask the question, but if it
isn't please let me know of a better forum to ask.

Is there a reason why LSM hooks for kernel module deletion and loading
don't exist? (for delete_module syscall and load_module kernel
function)

Is there some design problem I'm not aware of, or whether the
necessity hasn't come up from any of the mainline LSMs?

I'm considering to write such patch, and I'd like to hear reasons for
why it might be a bad idea.

Thanks.



More information about the Linux-security-module-archive mailing list