
Bug#336452: realtime-lsm-source does not build against the linux-image-2.6.14-1-k7



On Tue, Nov 01, 2005 at 11:33:15AM +0900, Horms wrote:
> On Mon, Oct 31, 2005 at 09:02:03AM -0600, Manoj Srivastava wrote:
> > On Mon, 31 Oct 2005 11:06:16 +0900, Horms  <horms@debian.org> said: 
> > > This is a problem that was recently discussed on debian-kernel
> > > without resolution. My understanding is that there are some security
> > > implications of making SECURITY_CAPABILITIES modular.
> > 
> >         It is my understanding that SELinux does require
> >  SECURITY_CAPABILITIES in order to function. Not having those
> >  available before the root file system is loaded would make the early
> >  boot process unprotected and vulnerable, and may cause havoc with the
> >  startup (I do not know, since I have never tried an SELinux kernel
> >  without SECURITY_CAPABILITIES compiled in).
> > 
> >         Gory details behind my understanding follow.
> 
> [snip]
> 
> Thanks, much appreciated.
> 
> It seems that we are stuck with having SECURITY_CAPABILITIES=y.
> And as we know, that completely breaks modular LSM. 
> 
> I think this is something we have to live with unless LSM
> can be integrated upstream.

What is left to understand is why this breaks modular LSM? It seems to me a
bug in LSM and all future reports should be redirected to LSM.

Friendly,

Sven Luther



