Steve Kowalik wrote:
That isn't the point at all. A kernel module can still be loaded if it
isn't shipped with the kernel, and indeed, the kind of module that
allows people to break machines would be anyway.
No. This is not right.
I strongly suggest you try the ff procedure which can be replicated.
1. Let's build a Linux kernel for a firewall with two (2) ethernet interfaces.
I specify firewall so you will need just a few modules.
2. Get the source codes for a stock kernel, say, version 2.6.9.
3. Install the source codes in /usr/src/linux
4. Copy your current 'CONFIG' file (usually located in /boot), say,
/boot/config-2.6.9 into /usr/src/linux/.config.
5. Whilst in the directory /usr/src/linux run this:
# make oldconfig
6. Next run this:
# make menuconfig
and configure only the functionalities to get the kernel up and
running as a firewall, no more and no less. /
It is required that your resulting /usr/src/linux/.config has:/
..........snipped............. CONFIG_MODULES=n ..........snipped.............
7. Now, run this: #make modules && make && make modules_install && make install 8. Reboot with the just compiled kernel. 9. Try loading any of your LKM that you made up and compiled somewhere else that you copied in your just rebooted system. 10. Tell us whether you are able to load your LKM in 9. */I CANNOT/*.
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
