| 1 |
Hi! |
| 2 |
|
| 3 |
On servers I build kernel without module support. But on workstation it's |
| 4 |
impossible to avoid using kernel modules: vmware-modules, nvidia-drivers... |
| 5 |
|
| 6 |
I'm usually load required modules while boot and then do in /etc/sysctl.conf: |
| 7 |
kernel.grsecurity.disable_modules = 1 |
| 8 |
kernel.grsecurity.grsec_lock = 1 |
| 9 |
|
| 10 |
But that doesn't work out of box for vmware: /etc/vmware/init.d/vmware try |
| 11 |
to load/unload kernel modules while processing start/stop commands - and, |
| 12 |
surely, fail in my configuration. |
| 13 |
|
| 14 |
The fix is ease: just comment out few insmod and rmmod lines in |
| 15 |
/etc/vmware/init.d/vmware and load all required modules while boot |
| 16 |
(vmmon, vmci, vmblock, vmnet). |
| 17 |
|
| 18 |
|
| 19 |
Is it have sense to patch /etc/vmware/init.d/vmware this way on hardened |
| 20 |
systems in vmware ebuild by default? |
| 21 |
|
| 22 |
-- |
| 23 |
WBR, Alex. |
Archives