projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0ad5ae5) | patch
Add the ability to lock down access to the running kernel image
authorDavid Howells <dhowells@redhat.com>
Wed, 5 Apr 2017 16:40:29 +0000 (17:40 +0100)
committerBen Hutchings <ben@decadent.org.uk>
Sat, 12 Aug 2017 22:09:26 +0000 (23:09 +0100)
commit5b3969584da77be29c28c7d5d61e36876d9166bf
tree414a9bcd3e528398ce7c8b233af1eb0fceff6a78tree | snapshot
parent0ad5ae5a67f9238f54773ce69ea5e034b1cf7f9fcommit | diff
Add the ability to lock down access to the running kernel image

Provide a single call to allow kernel code to determine whether the system
should be locked down, thereby disallowing various accesses that might
allow the running kernel image to be changed including the loading of
modules that aren't validly signed with a key we recognise, fiddling with
MSR registers and disallowing hibernation,

Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch
include/linux/kernel.h diff | blob | history
include/linux/security.h diff | blob | history
security/Kconfig diff | blob | history
security/Makefile diff | blob | history
security/lock_down.c [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.