[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Dazuko-devel] 2.0.4-pre1 posted

From: John Ogness
Subject: [Dazuko-devel] 2.0.4-pre1 posted
Date: Sun, 12 Sep 2004 20:44:30 +0200
User-agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.1) Gecko/20040808


As many of you already know, Dazuko's support for Linux 2.6's new security model (LSM) has been horrible. Nearly every Dazuko 2.0.x version has had a different method for configuring and supporting LSM. None of them have been successful and were many times just plain ugly. Last Friday I found myself very frustrated and discouraged that version 2.0.3 of Dazuko was causing so many problems with Linux 2.6 (particularly with SuSE 9.1 users). So I decided to spend the entire last 3 days doing nothing but develop a new LSM implementation for Dazuko.

The results of my work are 2.0.4-pre1, which was posted today. I am *very* pleased with this version and truly feel that I have implemented an LSM module as well as is possible. This version also properly supports module stacking. This means that other security modules (such as capability and root_plug) can be stacked on top of Dazuko without any problems (as long as Dazuko is the primary/first security module loaded). This means that there are still problems if people require NSA SELinux since this must also be the first module. This is a problem because SELinux does *not* support full stacking (it only supports one secondary module). This is SELinux's problem (and perhaps shows some of the weak points in Linux 2.6's LSM).

Since Dazuko now "properly" supports LSM, it requires "commoncap" as a dependency. Make sure you load this module before loading Dazuko or you will get errors about missing symbols.

# modprobe commoncap

I have tested this version on all official Linux 2.6 versions. I am curious to see how it works on the various "flavors" of vendor kernels. Especially since they are all morphing LSM in different ways.

Also in this version were some little fixes for FreeBSD 5 to allow everything to compile without stupid errors. If you are a Linux 2.6 or FreeBSD 5 user, you should upgrade to 2.0.4-pre1.

Thanks to everyone who has been sending in patches lately. Now that LSM for Linux 2.6 is finally under control, I can start looking at your patches (particularly the new FreeBSD 4 features and PHP support).

John Ogness

Dazuko Maintainer

reply via email to

[Prev in Thread] Current Thread [Next in Thread]