)]}'
{
  "commit": "3d43321b7015387cfebbe26436d0e9d299162ea1",
  "tree": "bae6bd123c8f573e844a7af11c96eb5f6a73e0ee",
  "parents": [
    "8a6f83afd0c5355db6d11394a798e94950306239"
  ],
  "author": {
    "name": "Kees Cook",
    "email": "kees@ubuntu.com",
    "time": "Thu Apr 02 15:49:29 2009 -0700"
  },
  "committer": {
    "name": "James Morris",
    "email": "jmorris@namei.org",
    "time": "Fri Apr 03 11:47:11 2009 +1100"
  },
  "message": "modules: sysctl to block module loading\n\nImplement a sysctl file that disables module-loading system-wide since\nthere is no longer a viable way to remove CAP_SYS_MODULE after the system\nbounding capability set was removed in 2.6.25.\n\nValue can only be set to \"1\", and is tested only if standard capability\nchecks allow CAP_SYS_MODULE.  Given existing /dev/mem protections, this\nshould allow administrators a one-way method to block module loading\nafter initial boot-time module loading has finished.\n\nSigned-off-by: Kees Cook \u003ckees.cook@canonical.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "a4ccdd1981cfbc9f45b8aaabf46017dd739ab5fa",
      "old_mode": 33188,
      "old_path": "Documentation/sysctl/kernel.txt",
      "new_id": "02b134956273fc885f70803a1167e6cd59cbcc58",
      "new_mode": 33188,
      "new_path": "Documentation/sysctl/kernel.txt"
    },
    {
      "type": "modify",
      "old_id": "f77ac320d0b51d021b52ba4c48dba5680e7c4d01",
      "old_mode": 33188,
      "old_path": "kernel/module.c",
      "new_id": "eeb3f7b1383c981e84e3d78331ff87e7991b4a25",
      "new_mode": 33188,
      "new_path": "kernel/module.c"
    },
    {
      "type": "modify",
      "old_id": "c5ef44ff850f5af111943d76a5484318d6a5bc35",
      "old_mode": 33188,
      "old_path": "kernel/sysctl.c",
      "new_id": "2fb4246d27ded21901cfd482643af84036c217aa",
      "new_mode": 33188,
      "new_path": "kernel/sysctl.c"
    }
  ]
}