Re: [PATCH v3 16/22] module: replace copy_module_from_fd with kernel version

On Thu, 2016-02-04 at 20:56 +0100, Luis R. Rodriguez wrote: > On Wed, Feb 03, 2016 at 02:06:24PM -0500, Mimi Zohar wrote: > > Replace copy_module_from_fd() with kernel_read_file_from_fd(). > > > > Although none of the upstreamed LSMs define a kernel_module_from_file > > hook, IMA is called, based

Re: [PATCH v3 16/22] module: replace copy_module_from_fd with kernel version

On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar wrote: > Replace copy_module_from_fd() with kernel_read_file_from_fd(). > > Although none of the upstreamed LSMs define a kernel_module_from_file > hook, IMA is called, based on policy, to prevent unsigned kernel modules > from

Re: [PATCH v3 16/22] module: replace copy_module_from_fd with kernel version

On Wed, Feb 03, 2016 at 02:06:24PM -0500, Mimi Zohar wrote: > Replace copy_module_from_fd() with kernel_read_file_from_fd(). > > Although none of the upstreamed LSMs define a kernel_module_from_file > hook, IMA is called, based on policy, to prevent unsigned kernel modules > from being loaded by

[PATCH v3 16/22] module: replace copy_module_from_fd with kernel version

Replace copy_module_from_fd() with kernel_read_file_from_fd(). Although none of the upstreamed LSMs define a kernel_module_from_file hook, IMA is called, based on policy, to prevent unsigned kernel modules from being loaded by the original kernel module syscall and to measure/appraise signed