Little idea
Background:
When booting system, first kernel is loading, then device setup & testing, booting procedure, and then /sbin/init is called
To time when in /etc/inittab grsecurity ACL's not enabled by gradm -E system is not protected by ACL's
Idea:
Enable grsecurity at boot time, as a parameter passed to kernel like vga=ask or ide-scsi
Make possibility to have different ACL's to different runlevels and base /etc/grsec/acl for running system
I think that support for ACL's in initrd can be usefull to, specially for little systems that use initrd for initial configuration. That can be made only by looking in initrd image for /etc/grsec/acl
What do You think ?