Re: realtime-lsm and Debian kernel

[Jurij Smakov <jurij@wooyd.org>]

Hi Guenter,

On Mon, 10 Oct 2005, Guenter Geiger wrote:
> Hi,
>
> I am maintaining a linux security module (LSM) called realtime
> for the Debian system. Loading the module into the stock Debian
> kernel only works if
> CONFIG_SECURITY=y
> and
> CONFIG_SECURITY_CAPABILITIES=m,
> which means that the kernel has to be security enabled and the
> standard security setting (capability.ko) is a module.
>
> For most of the time this has actually been the case for Debian kernels,
> unfortunately these setting seem to have changed, so that with the new 2.6.13 
> release the capability.ko is compiled into the kernel, which makes it 
> impossible to influence security aspects of a running kernel.
>
> Is there a reason for these changes ?
> Would it be possible to stick to CONFIG_SECURITY=y and 
> CONFIG_SECURITY_CAPABILITIES=m ?
> If not, why ?
> Can this be considered a bug and should I file a bug report ?

It appears that this change was done with svn commit 4206, which moved all 
the security related config settings to the common config file. I'm CCing 
Bastian Blank who made this change, so that he can comment on whether 
there is some deep reason for new configuration settings, or it was just
an accident and may be easily reverted.

Best regards,

Jurij Smakov                                        jurij@wooyd.org
Key: http://www.wooyd.org/pgpkey/                   KeyID: C99E03CC