On Tue, Nov 01, 2005 at 11:33:15AM +0900, Horms wrote:
> On Mon, Oct 31, 2005 at 09:02:03AM -0600, Manoj Srivastava wrote:
> > On Mon, 31 Oct 2005 11:06:16 +0900, Horms <[EMAIL PROTECTED]> said:
> > > This is a problem that was recently discussed on debian-kernel
> > > without resolution. My understanding is that there are some security
> > > implications of making SECURITY_CAPABILITIES modular.
> >
> > It is my understanding that SELinux does require
> > SECURITY_CAPABILITIES in order to function. Not having those
> > available before the root file system is loaded would make the early
> > boot process unprotected and vulnerable, and may cause havoc with the
> > startup (I do not know, since I have never tried an SELinux kernel
> > without SECURITY_CAPABILITIES compiled in).
> >
> > Gory details behind my understanding follow.
>
> [snip]
>
> Thanks, much appreciated.
>
> It seems that we are stuck with having SECURITY_CAPABILITIES=y.
> And as we know, that completely breaks modular LSM.
>
> I think this is something we have to live with unless LSM
> can be integrated upstream.

What is left to understand is why this breaks modular LSM? It seems to me
a bug in LSM and all future reports should be redirected to LSM.

Friendly,

Sven Luther