Kerneld is not usable in a secure environment as is..
> - Mark the modules immuteable using the immutable file attribute.
I can mark files immutable after the secure level is set. This therefore
doesnt work.
> - A mechanism that allows to limit loading of modules to certain programs:
> In case of kerneld require that it's inode is also immuteable and
> owned by root or kerneld must have been started before the securelevel
> was raised.
and its config files.
Just insisting a module loader was started before the securelevel was raised
would do the job I think.
Alan