Hi everyone, I was looking into something on SLE Micro/openSUSE MicroOS and came to the realisation that kernel modules are a potential risk to the atomicity of behaviour users expect from MicroOS. We tell users that MicroOS will move from one known state to another, but as a kernel module could do literally anything, there is nothing stopping a kernel module being loaded after boot and undermining our 'known state' expectation. Worse, in theory you could even have a kernel module loaded by an rpm, which could be executed from the transactional-update snapshot, making the module resident and active even if the snapshot is never booted into. What is everyones thoughts about possibly disabling kernel module loading by executing the following at the last stage of MicroOS's boot process? echo 1 > /proc/sys/kernel/modules_disabled This will prevent kernel modules from being loaded once MicroOS is booted, and cannot be set back to 0 without a reboot. Is there any scenario where we really might want a MicroOS system loading a kernel module after boot? Regards, -- Richard Brown Linux Distribution Engineer - Future Technology Team Phone +4991174053-361 SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, D-90409 Nuernberg (HRB 36809, AG Nürnberg) Geschäftsführer: Felix Imendörffer