Re: x86-64 LSM BSD Securelevel module

From: Christopher Warner (chris@private)
Date: Wed Feb 02 2005 - 01:29:26 PST


I'd be remiss not to mention that maybe if the Capability module is
flagged in kernel config there should be a note about this. The current
note defaults to telling the user to select "Y" when in doubt. Or at
least the modules that don't take it upon themselves to load primary
should grey out. 

--
Christopher Warner

On Wed, 2005-02-02 at 07:55 -0500, Stephen Smalley wrote:
> On Tue, 2005-02-01 at 11:51, Christopher Warner wrote:
> > I'm having a problem with 2.6.10 on x86_64 arch.
> > 
> > I've compiled BSD securelevel support into 2.6.10 (directly into the
> > kernel and via a module) and am receiving the following error below:
> > 
> > seclvl: seclvl_init: seclvl: Failure registering with the kernel.
> > seclvl: seclvl_init: seclvl: Failure registering with primary security
> > module.
> > seclvl: Error during initialization: rc = [-22]
> > 
> > However;
> > Security Framework v1.0.0 initialized
> > Capability LSM initialized
> > 
> > Obviously it doesn't provide seclvl info on sys because it can't
> > register. LSM has been compiled directly into the kernel and is loading
> > fine so I'm at a loss as to why exactly it can't register.
> > 
> > I haven't investigated much further, is this an int/arch problem?
> 
> The capability module doesn't allow other modules to stack underneath
> it.  That's why SELinux registers itself first and then stacks the
> capability (or dummy) modules underneath it.  Note that Serge's work on
> general stacking support will help with this problem.
> 



This archive was generated by hypermail 2.1.3 : Wed Feb 02 2005 - 06:16:53 PST