[linux-audio-dev] LSM: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation

Fernando Lopez-Lezcano nando at ccrma.Stanford.EDU
Wed Dec 29 18:54:59 UTC 2004


On Wed, 2004-12-29 at 02:07, Frank Barknecht wrote:
> Hello,
> Fernando Lopez-Lezcano wrote:
> 
> > Why I think this is a yes. Any kernel that wants to use the realtime-lsm
> > will have to either not build the POSIX capabilities lsm, or build it as
> > a module. In the latter case the system will be vulnerable. The
> > realtime-lsm does not depend on the POSIX capabilities lsm but it forces
> > you to build it as a module, 
> 
> I don't understand: Why does it do so? Shouldn't this be "fixed" in
> the realtime-lsm then?

I don't understand the technical details. I did try this last week but
it does not work; you can either have the POSIX lsm or the realtime lsm
subscribed as a secondary module (whatever that is), but not both at the
same time. Apparently (Jack O'Quinn told me this) the modules can't
currently be stacked. I suspect this is not an issue with the
realtime-lsm module but with the underlying kernel support. 

-- Fernando




