[RFC PATCH 3/9] Loadpol LSM: filter kernel module request according to the policy

Randy Dunlap rdunlap at infradead.org
Wed May 21 16:21:40 UTC 2025



On 5/21/25 8:47 AM, Casey Schaufler wrote:
> On 5/21/2025 7:01 AM, Simon THOBY wrote:
>> When a kernel module is loaded, the LSM accepts or rejects the demand
>> according to its policy.
>>
>> Signed-off-by: Simon THOBY <git at nightmared.fr>
>> ---
>>  security/loadpol/Makefile         |  2 +-
>>  security/loadpol/loadpol.c        | 22 ++++++++++++
>>  security/loadpol/loadpol.h        | 27 ++++++++++++++
>>  security/loadpol/loadpol_policy.c | 59 +++++++++++++++++++++++++++++++
>>  4 files changed, 109 insertions(+), 1 deletion(-)
>>  create mode 100644 security/loadpol/loadpol_policy.c
>>

>> +
>> +struct loadpol_policy_entry {
>> +	struct list_head list;
>> +	// bitfield of policy_entry_origin
> 
> The // comment style is not used in the kernel.

Counter:

https://lore.kernel.org/lkml/CA+55aFyQYJerovMsSoSKS7PessZBr4vNp-3QUUwhqk4A4_jcbg@mail.gmail.com/


-- 
~Randy




More information about the Linux-security-module-archive mailing list