On Wed, 30 Jun 2004, Arjan van de Ven wrote: > Hi, > > as will be able to see in todays rawhide, we're experimenting with > adding a patch for gpg-signed kernel modules. The idea behind this is > for the administrator to *optionally* [1] restrict the set of modules > that can be linked into the kernel. In selinux context one can even > eventually allow different security contexts to load different subsets > of modules, by restricting certain contexts to a predefined gpg keys > only. > > The work isn't complete yet by far, this is just a heads up. Input for > creative uses of this infrastructure is welcome :) > > Greetings, > Arjan van de Ven > > > [1] And I repeat *optionally*. > Who's patch are you adding? I know of a couple of different versions of this sort of patch.
