On Fri, Oct 14, 2005 at 05:02:54PM +0200, [EMAIL PROTECTED] wrote:
> Quoting Horms <[EMAIL PROTECTED]>:
>
> > On Tue, Oct 11, 2005 at 01:27:27PM +0200, Christoph Hellwig wrote:
> > > On Tue, Oct 11, 2005 at 06:24:20AM -0500, Geiger Guenter wrote:
> > > > This means that it has to be dropped. That's ok with me, it means less
> > > > work. What was the reason again for not including the capabilities as
> > > > a module ?
> > >
> > > Making Security modules actually modular means they don't have the full
> > > view of the process and generally is a bad idea. For the specific case
> > > of capabilities there even was an exploit in the past. If we want to
> > > support a given security module in debian we should compile it into the
> > > kernel statically.
> >
> > If I recall, lsm wasn't well received upstream, in which case
> > dropping it is probably a good idea anyway.
>
> Yes it's true that it wasn't accepted upstream, but it is, security wise,
> still the best solution to gain the necessary realtime permissions for audio
> work. That's the main reason why I don't want to throw it away without a
> thought. If I understand correctly the modular approach would be acceptable if
> the capabilities module would not be removable.
> I think this should be achievable.

Can you talk this over with the SE linux guys and see what they think?
It sounds like this is primarily a config problem, though there might need
to be some kernel updates to make the SE people happy.

-- 
Horms

