On Fri, 2005-08-26 at 09:22 -0700, Chris Wright wrote: > I left it for two reasons. Making it built-in will mean you can't > load another security module. CONFIG_SECURITY=n achieves the same effect. > Some distros use the module already, so > it's compatibility. I'd assume that they only do that so that they can load something else as primary, and then optionally stack capability under it. Which they can still achieve (just by modifying their primary to use the commoncap functions directly). > These aren't the best reasons to keep it long term. Yes, it seems confusing to leave it. I can easily see people leaving it enabled as long as it remains without realizing that it is no longer serving any purpose. And it will definitely kick out an error message if you leave SELinux+capability enabled together due to the failed registration. -- Stephen Smalley National Security Agency
This archive was generated by hypermail 2.1.3 : Fri Aug 26 2005 - 09:53:04 PDT