Re: Problem compiling lsm with 2.4.18 kernel

From: Steve Johnson (sjohnsonat_private)
Date: Thu Apr 18 2002 - 12:20:06 PDT

  • Next message: Chris Wright: "Re: Problem compiling lsm with 2.4.18 kernel"

    Thanks a lot for the information. I'm basically starting to learn about
    various security aspects of Linux and wanted to look at them, try to
    learn them and also test them out, which is why they were installed the
    way they were... The primary module that I was really interested in was
    LIDS. I did not know that the modules could not be mixed like that. I'll
    check out the documentation of SELinux more thoughroughly. Is there a
    page that has more documentation on LSM itself?
    
    Thanks again,
    Steve Johnson
    
    On Thu, 2002-04-18 at 15:01, Stephen Smalley wrote:
    
        On 18 Apr 2002, Steve Johnson wrote:
        
        > This is my first attempt at installing an LSM patched kernel, but I'm
        > having problems compiling the kernel after configuring the kernel. I'm
        > trying to build it on a RedHat 7.2 system.
        >
        > I have patched a newly uncompressed 2.4.18 kernel with the
        > lsm-full-2002_02_25-2.4.18 patch. The patching process worked fine and
        > I've configured the kernel with the following options:
        
        You might want to use the head of the BitKeeper tree rather than the
        last snapshot patch.
        
        > #
        > # Security options
        > #
        > CONFIG_SECURITY_CAPABILITIES=y
        
        If you enable capabilities as built-in, then you won't be able to
        dynamically insert any other security modules.  Probably not what you
        want.  Which security module did you actually want to use?  You can't
        simply mix-and-match them arbitrarily.
        
        > CONFIG_SECURITY_SELINUX=m
        > CONFIG_SECURITY_SELINUX_DEVELOP=y
        > CONFIG_SECURITY_SELINUX_MLS=y
        
        If you want to use SELinux, then you'll need to obtain the non-kernel
        components of SELinux and follow the README instructions from the NSA web
        site, as noted in the help text for the SELinux option.  It is generally
        recommended that you build SELinux into the kernel if you want to use it.
        The MLS option isn't a good idea unless you really want to experiment
        with it, as noted in the help text.
        
        > Any ideas what could be causing this or possible ways to solve the
        > issue?
        
        There have been a number of changes to the LIDS module since that snapshot
        patch was created, so I'd suggest using the head of the BitKeeper tree.
        
        --
        Stephen D. Smalley, NAI Labs
        ssmalleyat_private
        
        
        
        
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Apr 18 2002 - 12:26:00 PDT