Hi!
On servers I build the kernel without module support. But on a workstation it's
impossible to avoid using kernel modules: vmware-modules, nvidia-drivers...
I usually load the required modules at boot and then set in /etc/sysctl.conf:
kernel.grsecurity.disable_modules = 1
kernel.grsecurity.grsec_lock = 1
But that doesn't work out of the box for vmware: /etc/vmware/init.d/vmware tries
to load/unload kernel modules while processing start/stop commands - and,
surely, fails in my configuration.
The fix is easy: just comment out a few insmod and rmmod lines in
/etc/vmware/init.d/vmware and load all required modules at boot
(vmmon, vmci, vmblock, vmnet).
Does it make sense to patch /etc/vmware/init.d/vmware this way on hardened
systems in the vmware ebuild by default?
--
WBR, Alex.
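
Added example, not part of the original message and not taken from the vmware ebuild: a pre-lock check that refuses to set the two grsecurity sysctls until every module named above is listed in a /proc/modules-format file. The function names, the SYSCTL dry-run variable and the sample module list are assumptions made for illustration.

```shell
#!/bin/sh
# Modules the message says must be loaded before module loading is disabled.
REQUIRED_MODULES="vmmon vmci vmblock vmnet"

# missing_modules FILE MODULE...
# FILE uses the /proc/modules layout (module name is the first field).
# Prints every requested module that is not listed, one per line.
missing_modules() {
    modfile=$1; shift
    for m in "$@"; do
        # Compare the whole first field so "vmnet" never matches "vmnet_x".
        awk -v want="$m" '$1 == want { found = 1 } END { exit !found }' "$modfile" \
            || printf '%s\n' "$m"
    done
}

# lock_if_ready FILE
# Sets the sysctls only when nothing is missing. Once grsec_lock is 1 the
# setting cannot be reverted until reboot, so a missing module means "stop".
# SYSCTL is a hypothetical override used here for dry runs (default: sysctl).
lock_if_ready() {
    missing=$(missing_modules "$1" $REQUIRED_MODULES)
    if [ -n "$missing" ]; then
        echo "refusing to lock, not loaded: $(echo $missing)" >&2
        return 1
    fi
    ${SYSCTL:-sysctl} -w kernel.grsecurity.disable_modules=1 &&
    ${SYSCTL:-sysctl} -w kernel.grsecurity.grsec_lock=1
}

# Dry run on a constructed /proc/modules sample (vmblock deliberately absent).
sample=$(mktemp)
cat > "$sample" <<'EOF'
vmnet 45056 13 - Live 0x0000000000000000
vmci 73728 0 - Live 0x0000000000000000
vmmon 98304 0 - Live 0x0000000000000000
nvidia 12345678 40 - Live 0x0000000000000000
EOF
SYSCTL=echo
lock_if_ready "$sample" || echo "lock skipped"
rm -f "$sample"
```

On a real system the call would be `lock_if_ready /proc/modules` as root with SYSCTL unset, run after the boot-time module loading and in place of the static sysctl.conf entries.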