On 18 Apr 2002, Steve Johnson wrote: > This is my first attempt at installing an LSM patched kernel, but I'm > having problems compiling the kernel after configuring the kernel. I'm > trying to build it on a RedHat 7.2 system. > > I have patched a newly uncompressed 2.4.18 kernel with the > lsm-full-2002_02_25-2.4.18 patch. The patching process worked fine and > I've configured the kernel with the following options: You might want to use the head of the BitKeeper tree rather than the last snapshot patch. > # > # Security options > # > CONFIG_SECURITY_CAPABILITIES=y If you enable capabilities as built-in, then you won't be able to dynamically insert any other security modules. Probably not what you want. Which security module did you actually want to use? You can't simply mix-and-match them arbitrarily. > CONFIG_SECURITY_SELINUX=m > CONFIG_SECURITY_SELINUX_DEVELOP=y > CONFIG_SECURITY_SELINUX_MLS=y If you want to use SELinux, then you'll need to obtain the non-kernel components of SELinux and follow the README instructions from the NSA web site, as noted in the help text for the SELinux option. It is generally recommended that you build SELinux into the kernel if you want to use it. The MLS option isn't a good idea unless you really want to experiment with it, as noted in the help text. > Any ideas what could be causing this or possible ways to solve the > issue? There have been a number of changes to the LIDS module since that snapshot patch was created, so I'd suggest using the head of the BitKeeper tree. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Apr 18 2002 - 12:02:31 PDT