new kernel feature in progress
alan
alan at clueserver.org
Wed Jun 30 16:32:54 UTC 2004
On Wed, 30 Jun 2004, Arjan van de Ven wrote:
> Hi,
>
> as will be able to see in todays rawhide, we're experimenting with
> adding a patch for gpg-signed kernel modules. The idea behind this is
> for the administrator to *optionally* [1] restrict the set of modules
> that can be linked into the kernel. In selinux context one can even
> eventually allow different security contexts to load different subsets
> of modules, by restricting certain contexts to a predefined gpg keys
> only.
>
> The work isn't complete yet by far, this is just a heads up. Input for
> creative uses of this infrastructure is welcome :)
>
> Greetings,
> Arjan van de Ven
>
>
> [1] And I repeat *optionally*.
>
Who's patch are you adding? I know of a couple of different versions of
this sort of patch.
More information about the fedora-devel-list
mailing list