On Wed, 29 Dec 2004 at 11:07 +0100, Frank Barknecht wrote:
Hello,
Fernando Lopez-Lezcano wrote:
Why I think this is a yes. Any kernel that wants to use the realtime-lsm
will have to either not build the POSIX capabilities lsm, or build it as
a module. In the latter case the system will be vulnerable. The
realtime-lsm does not depend on the POSIX capabilities lsm but it forces
you to build it as a module,
I don't understand: Why does it do so? Shouldn't this be "fixed" in
the realtime-lsm then?
Someone please correct me if I'm wrong, but it just looks like a case of a
simplistic check. It doesn't look like realtime-lsm really depends on
posix capabilities being compiled as a module, but on posix capabilities
not being compiled in. So I'm going to try this patch (it builds, we'll
see if it works fine, but I suspect it will):
diff -u /tmp/realtime-lsm-0.8.5/Makefile realtime-lsm-0.8.5/Makefile
--- /tmp/realtime-lsm-0.8.5/Makefile 2004-11-24 11:38:41.000000000 -0700
+++ realtime-lsm-0.8.5/Makefile 2004-12-30 08:22:58.000000000 -0700
@@ -20,7 +20,7 @@
$(MAKE) modules -C $(KERNEL_DIR) SUBDIRS=$(shell pwd)
config:
- @if grep CONFIG_SECURITY_CAPABILITIES=m $(KERNEL_DIR)/.config; \
+ @if ! grep CONFIG_SECURITY_CAPABILITIES=y $(KERNEL_DIR)/.config; \
then ln -sf $(KERNEL_DIR)/security/$(COMMONCAP) .; \
else echo "Failed: Security Capabilities not configured as module"; \
echo "Realtime LSM will not work with $(KERNEL_DIR)"; \
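Review bot: the negated test on the + line also succeeds when grep fails for any other reason, for example when $(KERNEL_DIR)/.config is missing or unreadable, so the symlink to $(COMMONCAP) gets created without the kernel configuration ever having been checked. Test that the file exists first, or treat only grep's exit status 1 (no match) as a pass. The else branch still prints "Failed: Security Capabilities not configured as module", which no longer describes the condition that triggers it (capabilities built in), so the message should be reworded. Using grep -q with an anchored pattern such as '^CONFIG_SECURITY_CAPABILITIES=y' would also keep the matched line out of the build output.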
--
.O. Hans Fugal | De gustibus non disputandum est.
..O
http://hans.fugal.net | Debian, vim, mutt, ruby, text, gpg
OOO | WindowMaker, gaim, UTF-8, RISC, JS Bach
---------------------------------------------------------------------
GnuPG Fingerprint: 6940 87C5 6610 567F 1E95 CB5E FC98 E8CD E0AA D460