> lcap CAP_SYS_MODULE CAP_SYS_RAWIO
> which will disable module loading entirely as well as access to
> /dev/mem (which can be just as dangerous as a kernel module and would
> bypass your signed module thing nicely).

  Which means: so long, X. I have a workstation and using X is,
naturally, necessary (in fact, it is paramount since 3D rendering
without Xfree4's OpenGL is horrible). Thus this option is out. How
about compiling the kernel without module support in the first place?
The problem of /dev/mem would remain, but if the kernel does not know
about modules, is it a problem?

-- 
                 -----------------------------------------------
                | Juha Jäykkä, [EMAIL PROTECTED]                    |
                | home: http://www.utu.fi/~juolja/              |
                 -----------------------------------------------
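
Added example (not part of the original message): a Python check of whether the two capabilities named in the quoted lcap command are still in a process's bounding set. It assumes a kernel that exposes the per-process CapBnd field in /proc/<pid>/status; SAMPLE_STATUS is constructed, and the function names are this example's own.

```python
import re

# Capability bit numbers as defined in <linux/capability.h>.
CAPS = {"CAP_SYS_MODULE": 16, "CAP_SYS_RAWIO": 17}

# Constructed sample of /proc/<pid>/status (not taken from a real host):
# a 32-bit capability mask with bits 16 and 17 cleared.
SAMPLE_STATUS = (
    "Name:\tbash\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000fffcffff\n"
    "CapEff:\t00000000fffcffff\n"
    "CapBnd:\t00000000fffcffff\n"
)

def bounding_set(status_text):
    """Return the CapBnd mask as an int, or None if the field is absent."""
    m = re.search(r"^CapBnd:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    return int(m.group(1), 16) if m else None

def audit(status_text):
    """Map each capability to 'dropped', 'present' or 'unknown'."""
    mask = bounding_set(status_text)
    if mask is None:
        # Assumption: no CapBnd line means the kernel does not report it.
        return {name: "unknown" for name in CAPS}
    return {name: "present" if (mask >> bit) & 1 else "dropped"
            for name, bit in CAPS.items()}

def read_status(pid="self"):
    """Read the status file of a process on the local machine."""
    with open(f"/proc/{pid}/status") as fh:
        return fh.read()

if __name__ == "__main__":
    print("sample:", audit(SAMPLE_STATUS))
    try:
        print("this process:", audit(read_status()))
    except OSError as exc:
        print("could not read /proc/self/status:", exc)
```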

