LSM hook for module loading and unloading
Casey Schaufler
casey at schaufler-ca.com
Mon Dec 3 16:13:28 UTC 2018
On 12/1/2018 7:49 AM, Tamir Carmeli wrote:
> Hi,
> I believe that this is the right place to ask the question, but if it
> isn't, please let me know of a better forum to ask.

This is the right list.

> Is there a reason why LSM hooks for kernel module deletion and loading
> don't exist? (for delete_module syscall and load_module kernel
> function)

security_kernel_load_data() is the hook for loading.

> Is there some design problem I'm not aware of, or whether the
> necessity hasn't come up from any of the mainline LSMs?

No one has seen the need for a hook during unload.

> I'm considering writing such a patch, and I'd like to hear reasons for
> why it might be a bad idea.

To what end? Look at the Loadpin security module in security/loadpin
for one approach to protecting module loading.

> Thanks.