Quoting Tony Jones (tonyj@private):
> On Mon, Jun 27, 2005 at 03:28:44PM -0500, serue@private wrote:
> > Just make sure dummy can't be unloaded by /sys/stacker/unload. I didn't
> bother to enforce this.

Attached is a just barely tested patch which makes dummy the default module.

> I'd still like to see dummy go away and capability become the default.

If there are no problems with this patch, I plan to release a second patch which removes the dummy module and makes capability the default module.

Regarding whether to use capability or cap_stack, I think we do want to protect the security.* extended attributes when no modules are loaded. One might argue it's pretty much meaningless so long as you've booted your non-selinux or non-mls kernel, but that's assuming to know too much about someone's environment.

What does everyone prefer?

thanks,
-serge