]> www.infradead.org Git - users/jedix/linux-maple.git/commitdiff
projects / users / jedix / linux-maple.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 603adfe)
Enforce module signatures when securelevel is greater than 0
authorMatthew Garrett <matthew.garrett@nebula.com>
Mon, 9 Sep 2013 22:49:36 +0000 (15:49 -0700)
committerSantosh Shilimkar <santosh.shilimkar@oracle.com>
Mon, 10 Aug 2015 16:24:05 +0000 (09:24 -0700)
Orabug: 21539498

If securelevel has been set to 1 or greater, require that all modules have
valid signatures.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
kernel/module.c patch | blob | history

diff --git a/kernel/module.c b/kernel/module.c
index cfc9e843a924091e2be3d2a2bcef72a038737f64..5f6d8700ae1b58026dc18cd60c16b1aa59e32711 100644 (file)
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2447,7 +2447,7 @@ static int module_sig_check(struct load_info *info)
        }
 
        /* Not having a signature is only an error if we're strict. */
-       if (err == -ENOKEY && !sig_enforce)
+       if ((err == -ENOKEY && !sig_enforce) && (get_securelevel() <= 0))
                err = 0;
 
        return err;
Unnamed repository; edit this file 'description' to name the repository.