RageLtMan

@c-po - i think that adding `tunnel-all-dns` would fit in scope for this PR since its effectively the inverse of split-dns and only default when a default route is offered...

@thorstenkramm - LDAP is pretty scary by itself, but LDAPS should provide coverage for the cleartext data transfer concern while something like RADIUS with its various EAP paradigms can be...

As an extension of the "don't implement your own cryptography even if you're a cryptographer" principle, i would suggest considering credential management from the same perspective. There is a fair...

Thanks @milabs - this is cool stuff, looking forward to more standoff in public builds. FS restrictions are kind of fraught in that its very hard to predict what actually...

Hmm, something's not right here. On the subsequent 5.10.100, built as a module, and loaded at runtime, i get this fine mess: ``` # modprobe p_lkrg modprobe: ERROR: could not...

Hey @Adam-pi3 - thanks for jumping in. The `EXPORT_SYMBOL(__put_seccomp_filter);` suggestion is a neat trick, thanks, will try that. I'm hoping it will fix both the module-based and in-binary execution woes....

@solardiz: The inability for p_lkrg to run without exporting a bunch of symbols (which i'm guessing per @Adam-pi3's comment are being eaten up by GCC for those of us using...

This whole thing does make me wonder if the inability of LKRG to resolve symbols at runtime transfers to other rootkits - does O3's optimization pass actually break runtime hooking...

@solardiz - sorry for the pollution. I exist in a bit of a chainsaw-juggling paradigm (multiple tasks at multiple consultancies and some c-type roles which often digress from tech) so...

@Adam-pi3 - the `EXPORT_SYMBOL` trick seems to work, thank you. I ran into a few other symbols it wanted and did a fairly overkill pass at exporting symbols from seccomp,...