We now have the capability to load only signed code using sys_kexec(),
so there is no need to disable kexec when secure_modules is
enabled.
Signed-off-by: Vivek Goyal <vgoyal(a)redhat.com>
---
kernel/kexec.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index f15e302..a801d10 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -966,13 +966,6 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long,
nr_segments,
if (!capable(CAP_SYS_BOOT))
return -EPERM;
- /*
- * kexec can be used to circumvent module loading restrictions, so
- * prevent loading in that case
- */
- if (secure_modules())
- return -EPERM;
-
result = check_task_signature();
if (result)
return result;
--
1.8.3.1