Re: x86-64 LSM BSD Securelevel module

From: Stephen Smalley (sds@private)
Date: Wed Feb 02 2005 - 04:55:29 PST


On Tue, 2005-02-01 at 11:51, Christopher Warner wrote:
> I'm having a problem with 2.6.10 on x86_64 arch.
> 
> I've compiled BSD securelevel support into 2.6.10 (directly into the
> kernel and via a module) and am receiving the following error below:
> 
> seclvl: seclvl_init: seclvl: Failure registering with the kernel.
> seclvl: seclvl_init: seclvl: Failure registering with primary security
> module.
> seclvl: Error during initialization: rc = [-22]
> 
> However;
> Security Framework v1.0.0 initialized
> Capability LSM initialized
> 
> Obviously it doesn't provide seclvl info on sys because it can't
> register. LSM has been compiled directly into the kernel and is loading
> fine so I'm at a loss as to why exactly it can't register.
> 
> I haven't investigated much further, is this an int/arch problem?

The capability module doesn't allow other modules to stack underneath
it.  That's why SELinux registers itself first and then stacks the
capability (or dummy) modules underneath it.  Note that Serge's work on
general stacking support will help with this problem.

-- 
Stephen Smalley <sds@private>
National Security Agency



This archive was generated by hypermail 2.1.3 : Wed Feb 02 2005 - 06:12:40 PST