[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Dazuko-devel] DazukoFS 3.0.0-rc1 doesn't build
From: |
tv |
Subject: |
Re: [Dazuko-devel] DazukoFS 3.0.0-rc1 doesn't build |
Date: |
Thu, 9 Oct 2008 14:10:57 +0200 (CEST) |
On Tue, 7 Oct 2008, John Ogness wrote:
> DazukoFS 3 takes care of both of these issues by providing the
> registered application with a read-only, already opened file
> descriptor. This allows the registered application to scan the
> contents without ever having to open a file. Thus, the registered
> application does not require any more priviledges than any other
> application (except for accessing the DazukoFS device, of course).
>
> Since the new model represents a fundemental change in the way Dazuko
> works, it is not possible to "trick" Dazuko 2.x applications into
> using the DazukoFS 3.x interface. It would require adding backwards
> compatible hooks into DazukoFS (and I don't want to do that).
>
> I realize that for anti-virus vendors, adapting to the new DazukoFS
> requires some effort. That is why I made sure it was a completely
> separate interface. If a vendor wanted, they could easily support
> Dazuko and DazukoFS simultaneously, and choose whichever is available
> on the system. In my opinion, the changes required would be rather
> small.
>
> I know that Avira GmbH is currently evaluating DazukoFS. Once DazukoFS
> is officially released, perhaps they will include support for it in
> their on-access scanner.
Thank you for the explanation.
Btw. for dazuko 2.3.5, the Kconfig says:
This module will NOT work if both "NSA SELinux Support" and
"Default Linux Capabilities" are enabled.
Could it be that this is true for CONFIG_SECURITY_SMACK aswell?
(CONFIG_SECURITY_CAPABILITIES and CONFIG_SECURITY_SMACK, no
CONFIG_SECURITY_SELINUX)
I had no luck booting a kernel with dazuko patch and smack switched on.
Greetings,
Thomas