1 files changed, 60 insertions, 0 deletions

diff --git a/freed-ora/current/f23/Add-secure_modules-call.patch b/freed-ora/current/f23/Add-secure_modules-call.patch
new file mode 100644
index 000000000..712f69dfe
--- /dev/null
+++ b/freed-ora/current/f23/Add-secure_modules-call.patch
@@ -0,0 +1,60 @@
+From: Matthew Garrett <matthew.garrett@nebula.com>
+Date: Fri, 9 Aug 2013 17:58:15 -0400
+Subject: [PATCH] Add secure_modules() call
+
+Provide a single call to allow kernel code to determine whether the system
+has been configured to either disable module loading entirely or to load
+only modules signed with a trusted key.
+
+Bugzilla: N/A
+Upstream-status: Fedora mustard.  Replaced by securelevels, but that was nak'd
+
+Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
+---
+ include/linux/module.h |  7 +++++++
+ kernel/module.c        | 10 ++++++++++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/include/linux/module.h b/include/linux/module.h
+index c883b86ea964..cdc46a791b9d 100644
+--- a/include/linux/module.h
++++ b/include/linux/module.h
+@@ -508,6 +508,8 @@ int unregister_module_notifier(struct notifier_block *nb);
+ 
+ extern void print_modules(void);
+ 
++extern bool secure_modules(void);
++
+ #else /* !CONFIG_MODULES... */
+ 
+ /* Given an address, look for it in the exception tables. */
+@@ -618,6 +620,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb)
+ static inline void print_modules(void)
+ {
+ }
++
++static inline bool secure_modules(void)
++{
++	return false;
++}
+ #endif /* CONFIG_MODULES */
+ 
+ #ifdef CONFIG_SYSFS
+diff --git a/kernel/module.c b/kernel/module.c
+index cfc9e843a924..17738285d7a2 100644
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -3915,3 +3915,13 @@ void module_layout(struct module *mod,
+ }
+ EXPORT_SYMBOL(module_layout);
+ #endif
++
++bool secure_modules(void)
++{
++#ifdef CONFIG_MODULE_SIG
++	return (sig_enforce || modules_disabled);
++#else
++	return modules_disabled;
++#endif
++}
++EXPORT_SYMBOL(secure_modules);