
Re: realtime-lsm module and vanilla 2.6.24 kernel



On Fri, 2008-02-08 at 15:06 +0900, Dietrich Bollmann wrote:
> Hi,
> 
> I would like to use the new vanilla 2.6.24 kernel with the
> realtime-lsm module.

Probably I should also mention that I am using Ingo Molnar's realtime
preemption patch (which relies on the vanilla kernel):

  - kernel: http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.24.tar.bz2
  - realtime preemption patch:
http://www.kernel.org/pub/linux/kernel/projects/rt/patch-2.6.24-rt1.bz2

> But it seems to be not possible anymore to configure the vanilla
> 2.6.24 kernel to compile the security capabilities as module as
> described in the README for the Debian realtime-lsm package in
> /usr/share/doc/realtime-lsm/README.Debian .
> 
> Should I
> 
>   - wait for an update of the realtime-lsm module?
>   - try one of
>     - CONFIG_SECURITY_CAPABILITIES=y
>     - # CONFIG_XFRM_SUB_POLICY is not set

Sorry, I meant: 

    - # CONFIG_SECURITY_CAPABILITIES is not set

>     - CONFIG_SECURITY_CAPABILITIES=m
>   - do something else?

Thanks again, Dietrich

I also append the README from the realtime-lsm package
( /usr/share/doc/realtime-lsm/README.Debian ):
---
The realtime kernel module for Debian
-------------------------------------

The default configuration allows all users in the audio group (or applications
that are setgid audio) to access the kernel with higher scheduling priority
and to lock their memory.

The default configuration gives you maximum security and performance.

In order to change this behaviour you can edit the /etc/default/realtime file.

Debian kernels are built in a way that won't allow you to use the realtime-lsm
module. In order to use it, you have to build your own kernel, and configure
the CONFIG_SECURITY_CAPABILITIES as a module. The easiest way is to install
the Debian linux-source package corresponding to your kernel, unpack it in
/usr/src and copy the configuration like this:

 cat /boot/config-2.6.17-1-686 |
 sed s/CONFIG_SECURITY_CAPABILITIES=y/CONFIG_SECURITY_CAPABILITIES=m/ > /usr/src/linux-source-2.6.17/.config

Adapt the kernel version according to yours. You can also do this step
manually, by copying the configuration from /boot/ or configuring yourself,
just make sure that CONFIG_SECURITY_CAPABILITIES=m, that's the whole point
of it.

Build the new kernel with 

> make-kpkg --initrd --revision 1 --append-to-version -1-lsm kernel_image

and install the resulting .deb.
After that, you can build the realtime-lsm with module-assistant:

> m-a build realtime-lsm

or build it with make-kpkg:

Make sure your version.h is up to date (in case you did not compile the source)
> make modules_prepare
compile:
> make-kpkg modules-image

and install it:

dpkg -i /usr/src/realtime-lsm-module-*.deb

 -- Guenter Geiger (Debian/GNU) <...snip...>, Wed, 24 Mar 2004 16:12:32 +0100
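
A check for the situation raised in this message, added here as an example and not taken from the README or the realtime-lsm package: it reports how a .config sets CONFIG_SECURITY_CAPABILITIES, reports whether a source tree's Kconfig declares the symbol as tristate (the only Kconfig type that accepts =m), and rewrites a config to =m with verification, because the README's sed only matches the =y form. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample files are constructed.

# Print the state of the symbol in a .config file: y, m, unset or missing.
cap_config_state() {
    awk '
        /^CONFIG_SECURITY_CAPABILITIES=/ { sub(/^[^=]*=/, ""); state = $0 }
        /^# CONFIG_SECURITY_CAPABILITIES is not set/ { state = "unset" }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# Print the symbol's declared type in a Kconfig file: tristate, bool or absent.
# A bool symbol cannot be built as a module, so =m is only valid for tristate.
cap_kconfig_type() {
    awk '
        $1 == "config" { in_sym = ($2 == "SECURITY_CAPABILITIES"); next }
        in_sym && ($1 == "tristate" || $1 == "bool") { print $1; found = 1; exit }
        END { if (!found) print "absent" }
    ' "$1"
}

# Copy .config $1 to $2 with the symbol set to m, covering both the "=y" and
# the "is not set" forms. Returns non-zero if the result does not contain =m.
set_cap_module() {
    sed -e 's/^CONFIG_SECURITY_CAPABILITIES=.*/CONFIG_SECURITY_CAPABILITIES=m/' \
        -e 's/^# CONFIG_SECURITY_CAPABILITIES is not set$/CONFIG_SECURITY_CAPABILITIES=m/' \
        "$1" > "$2"
    [ "$(cap_config_state "$2")" = "m" ]
}

# Demonstration on constructed sample files (not real kernel sources).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'CONFIG_SECURITY=y' \
        '# CONFIG_SECURITY_CAPABILITIES is not set' > "$d/config"
    printf '%s\n' 'config SECURITY_CAPABILITIES' \
        '    tristate "Default Linux Capabilities"' > "$d/Kconfig.tristate"
    printf '%s\n' 'config SECURITY_CAPABILITIES' \
        '    bool "Default Linux Capabilities"' > "$d/Kconfig.bool"
    echo "config before:  $(cap_config_state "$d/config")"
    set_cap_module "$d/config" "$d/config.new" &&
        echo "config after:   $(cap_config_state "$d/config.new")"
    echo "tristate tree:  $(cap_kconfig_type "$d/Kconfig.tristate") (=m possible)"
    echo "bool tree:      $(cap_kconfig_type "$d/Kconfig.bool") (=m not possible)"
    rm -rf "$d"
}
demo
```

On a real tree, point cap_kconfig_type at security/Kconfig in the unpacked kernel source and cap_config_state at the .config in use.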



