FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 02-08-2008, 05:06 AM
Dietrich Bollmann
 
Default realtime-lsm module and vanilla 2.6.24 kernel

Hi,

I would like to use the new vanilla 2.6.24 kernel with the
realtime-lsm module.

But it seems to be not possible anymore to configure the vanilla
2.6.24 kernel to compile the security capabilities as module as
described in the README for the Debian realtime-lsm package in
/usr/share/doc/realtime-lsm/README.Debian .

Should I

- wait for an update of the realtime-lsm module?
- try one of
- CONFIG_SECURITY_CAPABILITIES=y
- # CONFIG_XFRM_SUB_POLICY is not set
- CONFIG_SECURITY_CAPABILITIES=m
- do something else?

Thanks, Dietrich



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 02-09-2008, 09:52 AM
Dietrich Bollmann
 
Default realtime-lsm module and vanilla 2.6.24 kernel

On Fri, 2008-02-08 at 15:06 +0900, Dietrich Bollmann wrote:
> Hi,
>
> I would like to use the new vanilla 2.6.24 kernel with the
> realtime-lsm module.

Probably I should also mention that I am using Ingo Molnar's realtime
preemption patch (which relies on the vanilla kernel):

- kernel: http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.24.tar.bz2
- realtime preemption patch:
http://www.kernel.org/pub/linux/kernel/projects/rt/patch-2.6.24-rt1.bz2

> But it seems to be not possible anymore to configure the vanilla
> 2.6.24 kernel to compile the security capabilities as module as
> described in the README for the Debian realtime-lsm package in
> /usr/share/doc/realtime-lsm/README.Debian .
>
> Should I
>
> - wait for an update of the realtime-lsm module?
> - try one of
> - CONFIG_SECURITY_CAPABILITIES=y
> - # CONFIG_XFRM_SUB_POLICY is not set

Sorry, I meant:

- # CONFIG_SECURITY_CAPABILITIES is not set

> - CONFIG_SECURITY_CAPABILITIES=m
> - do something else?

Thanks again, Dietrich

I also append the README from the realtime-lsm package
( /usr/share/doc/realtime-lsm/README.Debian ):
---
The realtime kernel module for Debian
-------------------------------------

The default configuration allows all users in the audio group (or
applications
that are setgid audio) to access the kernel with higher scheduling
priority
and to lock their memory.

The default configuration gives you maximum security and performance.

In order to change this behaviour you can edit the /etc/default/realtime
file.

Debian kernels are built in a way that won't allow you to use the
realtime-lsm
module. In order to use it, you have to build your own kernel, and
configure
the CONFIG_SECURITY_CAPABILITIES as a module. The easiest way is to
install
the Debian linux-source package corresponding to your kernel, unpack it
in
/usr/src and copy the configuration like this:

cat /boot/config-2.6.17-1-686 |
sed s/CONFIG_SECURITY_CAPABILITIES=y/CONFIG_SECURITY_CAPABILITIES=m/ >
/usr/src/linux-source-2.6.17/.config

Adapt the kernel version according to yours. You can also do this step
manually, by copying the configuration from /boot/ or configuring
yourself,
just make sure that CONFIG_SECURITY_CAPABILITIES=m, thats the whole
point
of it.

Build the new kernel with

> make-kpkg --initrd --revision 1 --append-to-version -1-lsm
kernel_image

and install the resulting .deb.
Afer that, you can build the realtime-lsm with module-assistant:

> m-a build realtime-lsm

or build it with make-kpkg:

Make sure your version.h is up to date (in case you did not compile the
source)
> make modules_prepare
compile:
> make-kpkg modules-image

and install it:

dpkg -i /usr/src/realtime-lsm-module-*.deb

-- Guenter Geiger (Debian/GNU) <...snip...>, Wed, 24 Mar 2004 16:12:32
+0100




--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 04:25 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org