new kernel feature in progress

Arjan van de Ven arjanv at
Wed Jun 30 07:21:52 UTC 2004


as will be able to see in todays rawhide, we're experimenting with
adding a patch for gpg-signed kernel modules. The idea behind this is
for the administrator to *optionally* [1] restrict the set of modules
that can be linked into the kernel. In selinux context one can even
eventually allow different security contexts to load different subsets
of modules, by restricting certain contexts to a predefined gpg keys

The work isn't complete yet by far, this is just a heads up. Input for
creative uses of this infrastructure is welcome :)

    Arjan van de Ven

[1] And I repeat *optionally*. 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the fedora-devel-list mailing list