kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   6f01e8cfb4a016c4c2f3182bf84155a030cbcadf
  2.   patches.suse
  3.   0001-Enforce-module-signatures-when-securelevel-is-greate.patch
Blob Blame History Raw 
From 90e0fa532b145d1bb76c368277a3a3e3b3eb5c94 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@srcf.ucam.org>
Date: Mon, 9 Sep 2013 08:46:52 -0400
Subject: [PATCH] Enforce module signatures when securelevel is greater than 0

Patch-mainline: Queued in subsystem maintainer repository
Git-repo: https://github.com/mjg59/linux
Git-commit: 90e0fa532b145d1bb76c368277a3a3e3b3eb5c94
References: fate#320387, bsc#992522

If securelevel has been set to 1 or greater, require that all modules have
valid signatures.

Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
---
 kernel/module.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2736,7 +2736,7 @@ static int module_sig_check(struct load_
 	}
 
 	/* Not having a signature is only an error if we're strict. */
-	if (err == -ENOKEY && !sig_enforce)
+	if ((err == -ENOKEY && !sig_enforce) && (get_securelevel() <= 0))
 		err = 0;
 
 	return err;
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.