how to disable loadable kernel moduels?

Bruce Cran bruce at
Wed Feb 24 23:19:36 UTC 2010

On Wed, 24 Feb 2010 16:47:25 -0600 (CST)
Robert Bonomi <bonomi at> wrote:

> I'm building custom kernels for use in 'hostile' environments --
> where I need to enforce "restricted" capabilities, even in the event
> of malicious 'root' access.  (if the bad guy has *physical* access to
> the machine, I know I'm toast, so I don't try to protect against
> _that_ in software -- beyond the usual access-control mechnisms, that
> is.)

See security(7) -

Securelevel 1 disables the loading of kernel modules; the manual page
has far more details of how to secure the system further.

Bruce Cran

More information about the freebsd-questions mailing list