On Wed, 30 Jun 2004, Arjan van de Ven wrote:
Hi,
as will be able to see in todays rawhide, we're experimenting with
adding a patch for gpg-signed kernel modules. The idea behind this is
for the administrator to *optionally* [1] restrict the set of modules
that can be linked into the kernel. In selinux context one can even
eventually allow different security contexts to load different subsets
of modules, by restricting certain contexts to a predefined gpg keys
only.
The work isn't complete yet by far, this is just a heads up. Input for
creative uses of this infrastructure is welcome :)
Greetings,
Arjan van de Ven
[1] And I repeat *optionally*.
Who's patch are you adding? I know of a couple of different versions of
this sort of patch.