Re: realtime-lsm and Debian kernel
On Tue, Oct 11, 2005 at 06:24:20AM -0500, Geiger Guenter wrote:
> This means that it has to be dropped. Thats ok with me, it means less
> work. What was the reason again for not including the capabilities as
> a module ?
Making Security modules actually modular means they don't have the full
view of the process and generally is a bad idea. For the specific case
of capabilities there even was an exploit in the past. If we want to
support a given security module in debian we should compile it into the
kernel statically.
Reply to: