guenter geiger <[EMAIL PROTECTED]> writes:

> That would be great, meanwhile I found this message [0] about providing
> the security hooks in the Debian kernel, seems that sooner or later they
> will be enabled, but then we would have to make sure that the capabilities
> are built as a module, right?

Right. The realtime LSM won't load if capabilities are linked directly into the kernel (CONFIG_SECURITY_CAPABILITIES=y); you *must* build the kernel with CONFIG_SECURITY_CAPABILITIES=m. I recently added a check in the Makefile for this.

--
joq
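
The requirement described in the reply above can be checked against a kernel config file before building the module. This is an added example, not part of the original message and not the Makefile check it mentions; the function names are hypothetical, the sample configs are constructed, and it assumes the LSM hooks are enabled by CONFIG_SECURITY=y.

```shell
#!/bin/sh
# Added example (not the realtime-lsm Makefile check): classify a kernel
# config file by how the capabilities security module is configured.
# Prints: module | builtin | disabled | no-hooks | unreadable
# Exit status is 0 only for "module", the setting the message requires.
check_capabilities_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    # Assumption: the security hooks themselves are enabled by CONFIG_SECURITY=y.
    if ! grep -q '^CONFIG_SECURITY=y$' "$cfg"; then
        echo "no-hooks"; return 1
    fi
    # Extract only an exact =y or =m value; "# ... is not set" lines yield nothing.
    case $(sed -n 's/^CONFIG_SECURITY_CAPABILITIES=\([ym]\)$/\1/p' "$cfg") in
        m) echo "module";   return 0 ;;
        y) echo "builtin";  return 1 ;;  # linked in: realtime LSM won't load
        *) echo "disabled"; return 1 ;;  # option not set at all
    esac
}

# Constructed sample configs (not taken from any real kernel package).
write_sample() {  # usage: write_sample <file> <capabilities line>
    printf 'CONFIG_SECURITY=y\n%s\n' "$2" > "$1"
}

demo() {
    dir=$(mktemp -d)
    write_sample "$dir/mod"     'CONFIG_SECURITY_CAPABILITIES=m'
    write_sample "$dir/builtin" 'CONFIG_SECURITY_CAPABILITIES=y'
    write_sample "$dir/off"     '# CONFIG_SECURITY_CAPABILITIES is not set'
    for f in mod builtin off; do
        printf '%s: %s\n' "$f" "$(check_capabilities_config "$dir/$f" || true)"
    done
    rm -rf "$dir"
}
demo
```

On a running system the function can be pointed at the installed config, for example `/boot/config-$(uname -r)` where the distribution ships one.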

