Blare is a family of policy-based intrusion detection systems (IDS). These IDSs are based on a common information flow monitoring model. The user defines the policy by specifying authorised flows beforehand and these IDSs dynamically check this policy in different types of systems. KBlare is an implementation of this model at the Linux kernel level. It is a security extension using the LSM framework to intercept system calls and add meta-information, called security labels, to the different types of information containers in the system (files, memory pages). KBlare updates these labels depending on the flows it tracks ie. based on executed system calls. It throws alerts whenever one of these flows does not satisfy the policy ie. whenever one of the security property becomes invalid for a container's label. We will briefly present the theoretical model and proceed to explain how we implemented it in the Linux kernel. Using the LSM framework, we intercept system calls and deduce information flows. We will also show a brief demonstration of KBlare detecting an intrusion.