[$] A “runtime guard” for the kernel

Post Syndicated from jake original https://lwn.net/Articles/749707/rss

While updating kernels frequently is generally considered a security best
practice, there are many installations that are unable to do so for a
variety of reasons. That means running with some number of known
vulnerabilities (along with an unknown number of unknown vulnerabilities, of
course), so some way to detect and stop exploits for those flaws may be
desired. That is exactly what the Linux Kernel Runtime Guard (LKRG)
is meant to do.