iptables versus grSecurity runtime module disabling
Isn't that expected behavior? Sysctl settings are activated on the
boot runlevel. Setting kernel.grsecurity.disable_modules to 1 will
disable loading modules. Of course loading modules afterwards will
fail.
Ed
On Dec 16, 2007 2:43 AM, René Rhéaume <rene.rheaume@gmail.com> wrote:
> I added kernel.grsecurity.disable_modules = 1 to my /etc/sysctl.conf .
> However, iptables and net.eth1 init scripts were unable to start. I
> already had the module for my NIC (8139too) in
> /etc/modules.autoload.d/kernel-2.6 . I added iptable_filter and
> nf_conntrack_ipv4 to it, then rebooted, but the init scripts were
> still unable to start. What other modules must I load? To send this
> message, I had to comment the line in /etc/sysctl.conf and reboot
> again.
>
> By the way, why is the runtime module disabling feature a sysctl
> setting, regardless of the sysctl support kernel configuration option?
> --
> gentoo-hardened@gentoo.org mailing list
>
>