kernel_optimize_test

History

Matthew Garrett 7d31f4602f kexec_load: Disable at runtime if the kernel is locked down The kexec_load() syscall permits the loading and execution of arbitrary code in ring 0, which is something that lock-down is meant to prevent. It makes sense to disable kexec_load() in this situation. This does not affect kexec_file_load() syscall which can check for a signature on the image to be booted. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Matthew Garrett <mjg59@google.com> Acked-by: Dave Young <dyoung@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org> cc: kexec@lists.infradead.org Signed-off-by: James Morris <jmorris@namei.org>		2019-08-19 21:54:15 -07:00
..
apparmor	apparmor: reset pos on failure to unpack for various functions	2019-06-18 16:04:16 -07:00
integrity	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441	2019-06-05 17:37:17 +02:00
keys	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441	2019-06-05 17:37:17 +02:00
loadpin
lockdown	kexec_load: Disable at runtime if the kernel is locked down	2019-08-19 21:54:15 -07:00
safesetid
selinux	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	2019-06-19 17:09:55 +02:00
smack	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	2019-06-19 17:09:55 +02:00
tomoyo
yama	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	2019-06-19 17:09:55 +02:00
commoncap.c
device_cgroup.c
inode.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	2019-06-19 17:09:55 +02:00
Kconfig	security: Add a static lockdown policy LSM	2019-08-19 21:54:15 -07:00
Kconfig.hardening
lsm_audit.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	2019-06-19 17:09:55 +02:00
Makefile	security: Add a static lockdown policy LSM	2019-08-19 21:54:15 -07:00
min_addr.c
security.c	security: Add a "locked down" LSM hook	2019-08-19 21:54:15 -07:00