On Wed, 2004-12-29 at 02:07, Frank Barknecht wrote:
> Hello,
> Fernando Lopez-Lezcano hat gesagt: // Fernando Lopez-Lezcano wrote:
> > Why I think this is a yes. Any kernel that wants to use the realtime-lsm
> > will have to either not build the POSIX capabilities lsm, or build it as
> > a module. In the latter case the system will be vulnerable. The
> > realtime-lsm does not depend on the POSIX capabilities lsm but it forces
> > you to build it as a module,
>
> I don't understand: Why does it do so? Shouldn't this be "fixed" in
> the realtime-lsm then?

I don't understand the technical details. I did try this last week but
it does not work: you can either have the POSIX lsm or the realtime lsm
subscribed as a secondary module (whatever that is), but not both at the
same time. Apparently (Jack O'Quinn told me this) the modules can't
currently be stacked. I suspect this is not an issue with the
realtime-lsm module but with the underlying kernel support.

I think it's actually an issue with the POSIX capabilities module;
there's nothing the realtime LSM can do about it. For example, you can
load the realtime LSM on top of SELinux.

Lee
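The practical question behind this thread is whether the realtime LSM is actually in effect for a given user once the kernel has been built and the modules loaded. The probe below is an added example, not code from the thread or from the realtime-lsm project. It assumes what the realtime LSM exists to do, namely grant CAP_SYS_NICE (needed for SCHED_FIFO) and CAP_IPC_LOCK (needed for mlockall) to selected users; that is background knowledge, not something this thread states. The helper names (probe_sched_fifo, probe_mlockall, probe_realtime_privs) are this example's own. Run it as the audio user before and after loading the module; the kernel answers EPERM when the capability is missing, so the program reports "denied" on a kernel with only the POSIX capabilities LSM and "granted" once the realtime LSM is granting the capability.

```c
/* Probe whether the privileges the realtime LSM hands out (CAP_SYS_NICE
 * for SCHED_FIFO, CAP_IPC_LOCK for mlockall) are effective for this
 * process. Added example; not from the thread or the realtime-lsm project. */
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum { RT_FIFO_OK = 1, RT_MLOCK_OK = 2 };

/* Try to enter SCHED_FIFO at the lowest realtime priority, then restore
 * the original policy and priority so the process does not stay realtime.
 * Returns 1 if granted, 0 if the kernel refused with EPERM (no
 * CAP_SYS_NICE or equivalent), -1 on any other error. */
static int probe_sched_fifo(void)
{
    struct sched_param orig, fifo;
    int orig_policy = sched_getscheduler(0);

    if (orig_policy < 0 || sched_getparam(0, &orig) < 0)
        return -1;
    memset(&fifo, 0, sizeof fifo);
    fifo.sched_priority = sched_get_priority_min(SCHED_FIFO);
    if (sched_setscheduler(0, SCHED_FIFO, &fifo) < 0)
        return errno == EPERM ? 0 : -1;
    /* Dropping back to the original (non-realtime) policy is always allowed. */
    if (sched_setscheduler(0, orig_policy, &orig) < 0)
        return -1;
    return 1;
}

/* Try to lock the current address space, then unlock it again.
 * EPERM means no CAP_IPC_LOCK; ENOMEM means the unprivileged RLIMIT_MEMLOCK
 * was too small, which for an audio process is the same practical denial. */
static int probe_mlockall(void)
{
    if (mlockall(MCL_CURRENT) < 0)
        return (errno == EPERM || errno == ENOMEM) ? 0 : -1;
    munlockall();
    return 1;
}

/* Bitmask of RT_FIFO_OK | RT_MLOCK_OK, or -1 if a probe failed for a
 * reason other than missing privilege. Side-effect free: the scheduler
 * policy and locked memory are restored before returning. */
int probe_realtime_privs(void)
{
    int fifo = probe_sched_fifo();
    int mlock = probe_mlockall();

    if (fifo < 0 || mlock < 0)
        return -1;
    return (fifo ? RT_FIFO_OK : 0) | (mlock ? RT_MLOCK_OK : 0);
}

int main(void)
{
    int m = probe_realtime_privs();

    if (m < 0) {
        perror("probe");
        return 1;
    }
    printf("uid %u: SCHED_FIFO %s, mlockall %s\n", (unsigned)getuid(),
           (m & RT_FIFO_OK) ? "granted" : "denied",
           (m & RT_MLOCK_OK) ? "granted" : "denied");
    return 0;
}
```

Because the probe restores the original scheduling policy before returning, it is safe to run from a shell or a login script; a "granted" result as a non-root user is exactly the observable effect of the realtime LSM being loaded and configured for that user or group.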