summaryrefslogtreecommitdiffstats
path: root/sys/kern/kern_linker.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/kern/kern_linker.c')
-rw-r--r--sys/kern/kern_linker.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c
index bb764f4..f81e000 100644
--- a/sys/kern/kern_linker.c
+++ b/sys/kern/kern_linker.c
@@ -301,6 +301,10 @@ linker_load_file(const char* filename, linker_file_t* result)
linker_file_t lf;
int foundfile, error = 0;
+ /* Refuse to load modules if securelevel raised */
+ if (securelevel > 0)
+ return EPERM;
+
lf = linker_find_file_by_name(filename);
if (lf) {
KLD_DPF(FILE, ("linker_load_file: file %s is already loaded, incrementing refs\n", filename));
@@ -425,6 +429,10 @@ linker_file_unload(linker_file_t file)
int error = 0;
int i;
+ /* Refuse to unload modules if securelevel raised */
+ if (securelevel > 0)
+ return EPERM;
+
KLD_DPF(FILE, ("linker_file_unload: lf->refs=%d\n", file->refs));
lockmgr(&lock, LK_EXCLUSIVE, 0, curproc);
if (file->refs == 1) {
@@ -678,7 +686,7 @@ kldload(struct proc* p, struct kldload_args* uap)
p->p_retval[0] = -1;
- if (securelevel > 0)
+ if (securelevel > 0) /* redundant, but that's OK */
return EPERM;
if ((error = suser(p)) != 0)
@@ -721,7 +729,7 @@ kldunload(struct proc* p, struct kldunload_args* uap)
linker_file_t lf;
int error = 0;
- if (securelevel > 0)
+ if (securelevel > 0) /* redundant, but that's OK */
return EPERM;
if ((error = suser(p)) != 0)
OpenPOWER on IntegriCloud