Re: realtime-lsm module and vanilla 2.6.24 kernel
On Fri, 2008-02-08 at 15:06 +0900, Dietrich Bollmann wrote:
> I would like to use the new vanilla 2.6.24 kernel with the
> realtime-lsm module.
Probably I should also mention that I am using Ingo Molnar's realtime
preemption patch (which relies on the vanilla kernel):
- kernel: http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.24.tar.bz2
- realtime preemption patch:
> But it seems to be not possible anymore to configure the vanilla
> 2.6.24 kernel to compile the security capabilities as module as
> described in the README for the Debian realtime-lsm package in
> /usr/share/doc/realtime-lsm/README.Debian .
> Should I
> - wait for an update of the realtime-lsm module?
> - try one of
> - CONFIG_SECURITY_CAPABILITIES=y
> - # CONFIG_XFRM_SUB_POLICY is not set
Sorry, I meant:
- # CONFIG_SECURITY_CAPABILITIES is not set
> - CONFIG_SECURITY_CAPABILITIES=m
> - do something else?
Thanks again, Dietrich
I also append the README from the realtime-lsm package
( /usr/share/doc/realtime-lsm/README.Debian ):
The realtime kernel module for Debian
The default configuration allows all users in the audio group (or
that are setgid audio) to access the kernel with higher scheduling
and to lock their memory.
The default configuration gives you maximum security and performance.
In order to change this behaviour you can edit the /etc/default/realtime
Debian kernels are built in a way that won't allow you to use the
module. In order to use it, you have to build your own kernel, and
the CONFIG_SECURITY_CAPABILITIES as a module. The easiest way is to
the Debian linux-source package corresponding to your kernel, unpack it
/usr/src and copy the configuration like this:
cat /boot/config-2.6.17-1-686 |
sed s/CONFIG_SECURITY_CAPABILITIES=y/CONFIG_SECURITY_CAPABILITIES=m/ >
Adapt the kernel version according to yours. You can also do this step
manually, by copying the configuration from /boot/ or configuring
just make sure that CONFIG_SECURITY_CAPABILITIES=m, thats the whole
Build the new kernel with
> make-kpkg --initrd --revision 1 --append-to-version -1-lsm
and install the resulting .deb.
Afer that, you can build the realtime-lsm with module-assistant:
> m-a build realtime-lsm
or build it with make-kpkg:
Make sure your version.h is up to date (in case you did not compile the
> make modules_prepare
> make-kpkg modules-image
and install it:
dpkg -i /usr/src/realtime-lsm-module-*.deb
-- Guenter Geiger (Debian/GNU) <...snip...>, Wed, 24 Mar 2004 16:12:32