forked from rpms/kernel
		
	
		
			
				
	
	
		
			64 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			64 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
| From a1aaf20cffb1a949c5d6b1198690c7c30cfda4d5 Mon Sep 17 00:00:00 2001
 | |
| From: Matthew Garrett <matthew.garrett@nebula.com>
 | |
| Date: Fri, 9 Aug 2013 17:58:15 -0400
 | |
| Subject: [PATCH 01/20] Add secure_modules() call
 | |
| 
 | |
| Provide a single call to allow kernel code to determine whether the system
 | |
| has been configured to either disable module loading entirely or to load
 | |
| only modules signed with a trusted key.
 | |
| 
 | |
| Bugzilla: N/A
 | |
| Upstream-status: Fedora mustard.  Replaced by securelevels, but that was nak'd
 | |
| 
 | |
| Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
 | |
| ---
 | |
|  include/linux/module.h |  6 ++++++
 | |
|  kernel/module.c        | 10 ++++++++++
 | |
|  2 files changed, 16 insertions(+)
 | |
| 
 | |
| diff --git a/include/linux/module.h b/include/linux/module.h
 | |
| index 3a19c79918e0..db386349cd01 100644
 | |
| --- a/include/linux/module.h
 | |
| +++ b/include/linux/module.h
 | |
| @@ -635,6 +635,8 @@ static inline bool module_requested_async_probing(struct module *module)
 | |
|  	return module && module->async_probe_requested;
 | |
|  }
 | |
|  
 | |
| +extern bool secure_modules(void);
 | |
| +
 | |
|  #else /* !CONFIG_MODULES... */
 | |
|  
 | |
|  /* Given an address, look for it in the exception tables. */
 | |
| @@ -751,6 +753,10 @@ static inline bool module_requested_async_probing(struct module *module)
 | |
|  	return false;
 | |
|  }
 | |
|  
 | |
| +static inline bool secure_modules(void)
 | |
| +{
 | |
| +	return false;
 | |
| +}
 | |
|  #endif /* CONFIG_MODULES */
 | |
|  
 | |
|  #ifdef CONFIG_SYSFS
 | |
| diff --git a/kernel/module.c b/kernel/module.c
 | |
| index b86b7bf1be38..7f045246e123 100644
 | |
| --- a/kernel/module.c
 | |
| +++ b/kernel/module.c
 | |
| @@ -4087,3 +4087,13 @@ void module_layout(struct module *mod,
 | |
|  }
 | |
|  EXPORT_SYMBOL(module_layout);
 | |
|  #endif
 | |
| +
 | |
| +bool secure_modules(void)
 | |
| +{
 | |
| +#ifdef CONFIG_MODULE_SIG
 | |
| +	return (sig_enforce || modules_disabled);
 | |
| +#else
 | |
| +	return modules_disabled;
 | |
| +#endif
 | |
| +}
 | |
| +EXPORT_SYMBOL(secure_modules);
 | |
| -- 
 | |
| 2.4.3
 | |
| 
 |