I recently tried loading and running a custom security module on a Red Hat system (both EL4 and Fedora) that has the capabilities LSM built in, not as a loadable module. It seems that the module parameter to disable capabilities is not read off the kernel command line. Is there some way to disable the capabilities module after the kernel has booted? Obviously, I can't just unload the module. I'm trying to keep from deploying my own kernel. I tried a really ugly hack where I found out the address of the capability_ops structure (using objdump) and passed that to unregister, which seemed to work, as it allowed me to then register my own module, but it later hung the system (no oops). When I built the Red Hat kernel with capabilities as a module, it worked fine.
This archive was generated by hypermail 2.1.3 : Fri Jun 17 2005 - 12:36:04 PDT