On Wed, 2004-12-29 at 02:07, Frank Barknecht wrote: > Hallo, > Fernando Lopez-Lezcano hat gesagt: // Fernando Lopez-Lezcano wrote: > > > Why I think this is a yes. Any kernel that wants to use the realtime-lsm > > will have to either not build the POSIX capabilities lsm, or build it as > > a module. In the later case the system will be vulnerable. The > > realtime-lsm does not depend on the POSIX capabilities lsm but it forces > > you to build it as a module, > > I don't understand: Why does it do so? Shouldn't this be "fixed" in > the realtime-lsm then?
I don't understand the technical details. I did try this last week but it does not work, you can either have the POSIX lsm or the realtime lsm subscribed as a secondary module (whatever that is), but not both at the same time. Apparently (Jack O'Quinn told me this) the modules can't currently be stacked. I suspect this is not an issue with the realtime-lsm module but with the underlying kernel support. -- Fernando
