new kernel feature in progress
Arjan van de Ven
arjanv at redhat.com
Wed Jun 30 07:21:52 UTC 2004
Hi,
as will be able to see in todays rawhide, we're experimenting with
adding a patch for gpg-signed kernel modules. The idea behind this is
for the administrator to *optionally* [1] restrict the set of modules
that can be linked into the kernel. In selinux context one can even
eventually allow different security contexts to load different subsets
of modules, by restricting certain contexts to a predefined gpg keys
only.
The work isn't complete yet by far, this is just a heads up. Input for
creative uses of this infrastructure is welcome :)
Greetings,
Arjan van de Ven
[1] And I repeat *optionally*.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20040630/ad634b69/attachment.sig>
More information about the fedora-devel-list
mailing list