Even if MODULE_SIG_FORCE is turned on, it is still useful if module can export sig_enforce, so user space will know if module signature is turned on and forced.
Signed-off-by: Eric Miao <[email protected]> Cc: David Howells <[email protected]> Cc: Dan Willemsen <[email protected]> --- kernel/module.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/kernel/module.c b/kernel/module.c index dc58274..d55646b 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -110,6 +110,14 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */ #ifdef CONFIG_MODULE_SIG #ifdef CONFIG_MODULE_SIG_FORCE static bool sig_enforce = true; + +static const struct kernel_param_ops param_ops_bool_read_only = { + .flags = KERNEL_PARAM_FL_NOARG, + .get = param_get_bool, +}; +#define param_check_bool_read_only param_check_bool + +module_param(sig_enforce, bool_read_only, 0444); #else static bool sig_enforce = false; -- 1.8.4.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
