On Thu, 4 Oct 2012, Kees Cook wrote: > Now that kernel module origins can be reasoned about, provide a hook to > the LSMs to make policy decisions about the module file. This will let > Chrome OS enforce that loadable kernel modules can only come from its > read-only hash-verified root filesystem. Other LSMs can, for example, > read extended attributes for signatures, etc. > > Signed-off-by: Kees Cook <[email protected]> > Acked-by: Serge E. Hallyn <[email protected]> > Acked-by: Eric Paris <[email protected]> > Acked-by: Mimi Zohar <[email protected]>
Acked-by: James Morris <[email protected]> -- James Morris <[email protected]> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
