Source: modulejail
Section: utils
Maintainer: Jérémy Lal <kapouer@melix.org>
Build-Depends:
 debhelper-compat (= 13)
Standards-Version: 4.7.4
Homepage: https://github.com/jnuyens/modulejail
Vcs-Git: https://salsa.debian.org/debian/modulejail.git
Vcs-Browser: https://salsa.debian.org/debian/modulejail

Package: modulejail
Architecture: all
Depends: ${misc:Depends}
Description: Shrink Linux kernel-module attack surface
 ModuleJail snapshots the set of currently loaded modules and writes a
 modprobe.d blacklist for every kernel module not currently in use,
 minus a built-in baseline and an optional sysadmin-supplied whitelist.
 .
 Aimed at Linux fleet operators who need to harden many servers against
 the wave of AI-assisted kernel privilege-escalation discoveries. Every
 additional loaded module is additional latent attack surface for the
 next disclosed CVE.
 .
 No daemon, no continuous monitoring, no AI inside the tool. One shell
 script, run once on a steady-state host, that writes one modprobe.d
 blacklist file.