If you were using the runtime module disabling feature of grsecurity in the past, you should be aware that in the upcoming 2.6.31 kernel, support for the same feature has been added by default (just by having module support). The new sysctl entry for it is:
/proc/sys/kernel/modules_disabled
To disable module loading at runtime, do a:
echo 1 > /proc/sys/kernel/modules_disabled
Since this feature now exists in the vanilla kernel by default, the grsecurity feature (and sysctl entry) have been removed.
-Brad
Runtime module disabling support added by default to 2.6.31
2 posts
• Page 1 of 1
Runtime module disabling support added by default to 2.6.31
by spender » Fri Sep 04, 2009 10:43 am
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
Re: Runtime module disabling support added by default to 2.6.31
by specs » Sun Oct 04, 2009 11:21 am
I allways thought the right way to do that would be
# sysctl kernel.modules_disabled=0
# sysctl kernel.modules_disabled=0
- specs
- Posts: 190
- Joined: Sun Mar 26, 2006 7:00 am
2 posts
• Page 1 of 1