Linus Torvalds writes: (Summary) wrote:
So once we've taken care of the networking ones that check their own
[...]
with the "unpriv okay" subset?

So once we've taken care of the networking ones that check their own different capability bit, maybe we can then make the regular request_module() do a rate-limited warning for non-CAP_SYS_MODULE uses that prints which module it's loading.

And maybe that is too optimistic, and we have a lot of device driver ones because people still have a static /dev and don't have udev populating modules and device nodes, and then maybe we need to introduce a "request_module_dev()" where the rule is that you had to at least have privileges to open the device node.