Kees Cook 2e72d51b4a security: introduce kernel_module_from_file hook ... Now that kernel module origins can be reasoned about, provide a hook to the LSMs to make policy decisions about the module file. This will let Chrome OS enforce that loadable kernel modules can only come from its read-only hash-verified root filesystem. Other LSMs can, for example, read extended attributes for signatures, etc. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: Eric Paris <eparis@redhat.com> Acked-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>		2012-12-14 13:05:24 +10:30
..
apparmor	apparmor: fix IRQ stack overflow during free_profile	2012-10-25 02:12:50 +11:00
integrity	ima: fix bug in argument order	2012-10-05 22:32:16 +10:00
keys	Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux	2012-10-14 13:39:34 -07:00
selinux	selinux: fix sel_netnode_insert() suspicious rcu dereference	2012-11-21 21:55:32 +11:00
smack	consitify do_mount() arguments	2012-10-11 20:02:04 -04:00
tomoyo	consitify do_mount() arguments	2012-10-11 20:02:04 -04:00
yama	Linux 3.6-rc7	2012-09-28 13:37:32 +10:00
Kconfig	KEYS: Move the key config into security/keys/Kconfig	2012-05-11 10:56:56 +01:00
Makefile	security: Yama LSM	2012-02-10 09:18:52 +11:00
capability.c	security: introduce kernel_module_from_file hook	2012-12-14 13:05:24 +10:30
commoncap.c	split ->file_mmap() into ->mmap_addr()/->mmap_file()	2012-05-31 13:11:54 -04:00
device_cgroup.c	device_cgroup: fix RCU usage	2012-11-06 12:25:51 -08:00
inode.c	securityfs: fix object creation races	2012-01-10 10:20:35 -05:00
lsm_audit.c	LSM: BUILD_BUG_ON if the common_audit_data union ever grows	2012-04-09 12:23:03 -04:00
min_addr.c	mmap_min_addr check CAP_SYS_RAWIO only for write	2010-04-23 08:56:31 +10:00
security.c	security: introduce kernel_module_from_file hook	2012-12-14 13:05:24 +10:30