Kernrol
Kernrol is a lightweight, role‑based access control (RBAC) extension designed for operating system kernels. It was introduced in 2017 as part of the Open Kernel Initiative to provide fine‑grained permission handling directly within the kernel space. Kernrol operates by attaching a role identifier to each process and kernel module, allowing administrators to specify permissions at the role level rather than by individual users or file paths. This approach reduces the complexity of traditional discretionary access controls and enhances security by minimizing the attack surface.
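The role-level check described above can be modelled in user space as follows. This is an added example, not Kernrol's code: every type, constant, role number and function name in it is hypothetical, and default-deny for unknown roles is an assumption of the model.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names throughout: a user-space model, not Kernrol's API. */
enum subject_kind { SUBJ_PROCESS, SUBJ_MODULE };
enum perm { PERM_FILE_READ = 1u << 0, PERM_NET_BIND = 1u << 1, PERM_LOAD_MODULE = 1u << 2 };

struct subject {
    enum subject_kind kind;
    unsigned uid;      /* carried for contrast; never consulted by the check */
    uint16_t role_id;  /* role attached to the process or kernel module */
};

struct role_policy { uint16_t role_id; uint32_t allowed; };

/* Constructed sample policy: one row per role, not per user or file path. */
static const struct role_policy policy[] = {
    { 10, PERM_FILE_READ | PERM_NET_BIND },    /* constructed "web service" role */
    { 20, PERM_FILE_READ | PERM_LOAD_MODULE }, /* constructed "driver" role */
};

/* Returns 1 if allowed, 0 if denied. Unknown roles are denied (assumed default deny). */
int role_check(const struct subject *s, uint32_t requested)
{
    if (s == NULL || requested == 0)
        return 0;
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        if (policy[i].role_id == s->role_id)
            /* every requested permission bit must be granted to the role */
            return (policy[i].allowed & requested) == requested;
    }
    return 0;
}

int main(void)
{
    struct subject a = { SUBJ_PROCESS, 1000, 10 };
    struct subject b = { SUBJ_PROCESS, 0, 10 };  /* uid 0, same role as a */
    struct subject m = { SUBJ_MODULE, 0, 20 };
    printf("a bind: %d\n", role_check(&a, PERM_NET_BIND));
    printf("b load: %d\n", role_check(&b, PERM_LOAD_MODULE));
    printf("m load: %d\n", role_check(&m, PERM_LOAD_MODULE));
    return 0;
}
```

In this model two processes with different UIDs but the same role always receive the same decision, and a kernel module is checked through the same table as a process.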
The core architecture of Kernrol consists of a kernel module that intercepts system calls and checks the
Deployment of Kernrol requires recompilation of the target kernel with the Kernrol module enabled, followed by