Thread (38 messages) 38 messages, 9 authors, 2017-05-05

Re: [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction

From: Rusty Russell <hidden>
Date: 2017-04-24 04:32:20
Also in: linux-security-module, lkml 

Djalal Harouni [off-list ref] writes:
When value is (1), task must have CAP_SYS_MODULE to be able to trigger a
module auto-load operation, or CAP_NET_ADMIN for modules with a
'netdev-%s' alias.
Sorry, the magic 'netdev-' prefix is a crawling horror.  To do this
properly, you need to hand the capability (if any) from the
request_module() call.  Probably by adding a new request_module_cap and
making request_module() call that, then fixing up the callers.

Cheers,
Rusty.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help