On Tue, 28 Nov 2017, David Miller wrote: > From: Linus Torvalds <torva...@linux-foundation.org> > Date: Mon, 27 Nov 2017 10:41:30 -0800 > > > What are the real life use-cases for normal users having modules > > auto-load? > > User opens SCTP socket, SCTP protocol module loads. > > People build test cases via namespaces, and in that namespaces normal > users can setup virtual tunnel devices themselves, and those configure > operations can bring the tunnel module in.
What about implementing a white list of modules which are able to be loaded by unprivileged users? Then, Linus' solution would look something like: va_start(args, fmt); ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args); va_end(args); if (WARN_ON_ONCE(!capable(CAP_SYS_MODULE) || !capable(CAP_SYS_ADMIN) || !capable(CAP_NET_ADMIN) || !unprivileged_autoload(module_name))) return -EPERM; -- James Morris <james.l.mor...@oracle.com>