Matthew Garrett 9b9d8dda1e lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked down ... Allowing users to read and write to core kernel memory makes it possible for the kernel to be subverted, avoiding module loading restrictions, and also to steal cryptographic information. Disallow /dev/mem and /dev/kmem from being opened this when the kernel has been locked down to prevent this. Also disallow /dev/port from being opened to prevent raw ioport access and thus DMA from being used to accomplish the same thing. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Matthew Garrett <mjg59@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: x86@kernel.org Signed-off-by: James Morris <jmorris@namei.org>		2019-08-19 21:54:15 -07:00
..
Kconfig	lockdown: Enforce module signatures if the kernel is locked down	2019-08-19 21:54:15 -07:00
lockdown.c	lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked down	2019-08-19 21:54:15 -07:00
Makefile	security: Add a static lockdown policy LSM	2019-08-19 21:54:15 -07:00