[refpolicy] In Fedora policy we have simplified the secure_mode_insmod
Christopher J. PeBenito
cpebenito at tresys.com
Fri Sep 9 10:56:09 CDT 2011
On 09/09/11 07:22, Daniel J Walsh wrote:
> Now this boolean controls sys_module, so we always transition but we
> can turn off the ability to insert modules into the kernel.
> This is much simpler then what we had before.
> If you like this I have a similar patch for secure_mode_loadpolicy
So with the current implementation, there are conditional module loaders and unconditional module loaders. Do we really want to make all module loading conditional? I'm fine with that, but are there reasons to keep the current conditional/unconditional behavior? If so we can still keep that functionality, but implement it similar to this patch.
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
More information about the refpolicy