> should i be able to have the capability module loaded concurrently > with bsdjail? i need capabilities for bind 9 and i can't > seem to load both, no matter which either order. Neither bsdjail nor capabilities offers support for stacking the other, so the only way to use both at once is to use the stacker module at www.sf.net/projects/lsm-stacker. All you need for your purposes is stacker.patch from the lsm-stacker-02 package. The base_patches have been included in mainline, and the stacking-patches are not needed so long as you stick to bsdjail and capabilities. > i tried to follow the code, but i only ended up deducing > that i shouldn't be able to ever load any security modules since > security_ops is dummy at first and that has just > return -EINVAL as its register_security hook ;) If the dummy modules is loaded, then security/security.c:register_security() will succeed, and load the new security_ops in place of dummy_ops. So dummy_ops->register_security is never called :) (Unless you don't define register_security() in your own module, in which case when you do mod_reg_security(MY_NAME, my_ops), the call to verify(ops) will end up making your NULL register_security function pointer point to dummy_register_security.) -serge
This archive was generated by hypermail 2.1.3 : Thu Jan 13 2005 - 19:24:06 PST