"Kevin P. Neal" <kpneal@interpath.com> writes:

> I thought that at securelevel > 0 you couldn't load any lkm's. 

You can't.  That won't change.

> How about a stock rc file that loads the lkm's at boot? rc.lkm perhaps?
> Or /etc/lkms with a list of lkm's to be loaded by rc or rc.local? This
> would be for the tighter-security-minded people.

Or a program to do so, making certain that dependancies are met.

> The idea of Linux loading/unloading kernel modules on the fly in a running
> system bothers me, and strikes me as a hell of a security hole if an
> intruder gains the ability to write to the root filesystem. Let's not go
> that route, please.

As an option I think it would be a good idea.

--Michael