Re: [Dazuko-devel] Linux Common Capabilities

From: John Ogness
Subject: Re: [Dazuko-devel] Linux Common Capabilities
Date: Sun, 19 Sep 2004 13:43:41 +0200

Eli Wapniarski wrote:
> I was just wondering. Is there any way that you can have a compile option that simply assumes that Linux Default Capabilities is available? I'm a Fedora Core 2 user, and Linux Default Capabilities are built into the kernel. It is a real pain in the butt to have to recompile a new kernel every time Fedora releases a new kernel.


The problem is not Dazuko. If Default Capabilities are loaded before Dazuko, then Capabilities will not allow Dazuko to load. This is because Capabilities (and SELinux) do not properly support secondary security modules. They only support each other.

I hate it as much as you. My only option around this would be to stop using LSM and go back to using system call hooks, like with Linux 2.4. Since LSM was so poorly designed to support multiple security modules, there will most likely be an option in the future to use system call hooking.

John Ogness

Dazuko Maintainer

