Package: wnpp Severity: wishlist Owner: Jérémy Lal <[email protected]> X-Debbugs-Cc: [email protected]
* Package name : modulejail Version : 1.3.6 Upstream Contact: Jasper Nuyens <[email protected]> * URL : https://github.com/jnuyens/modulejail * License : GPL-3 Programming Lang: Shell Description : Blacklist unused kernel modules This package provides a single POSIX shell script that allows one to blacklist every kernel module not currently in use, by writing a modprobe.d file. It has conservative, minimal or desktop profiles. ModuleJail does not try to fix kernel bugs, and it cannot. It does the one thing a sysadmin can do today, on any host, in seconds: shrink the attack surface so that the next disclosed bug is more likely to land on a module the host is not even loading. A typical Linux host ships with several thousand kernel modules and uses a few hundred. ModuleJail blacklists the rest. I intend to maintain and use that package. I would like to team-maintain it, however, I don't know which team is the best fit.
