At present, the SELinux module hook function implementations do
nothing. Module operations are controlled by the security policy by
limiting the use of the CAP_SYS_MODULE capability via the
selinux_capable
hook function. If finer-grained
controls are later determined to be worthwhile (e.g. controls based on
the actual name or content of the module), then additional access
controls could be implemented in these hook functions. The hook functions
are:
selinux_module_create_module
selinux_module_init_module
selinux_module_delete_module