Gentoo Archives: gentoo-amd64

From: Duncan <1i5t5.duncan@×××.net>
To: gentoo-amd64@l.g.o
Subject: [gentoo-amd64] Re: catch 22 with realtime-lsm and commoncap (capability dependency) modules
Date: Mon, 24 Apr 2006 02:22:07
Message-Id: pan.2006.04.24.02.20.09.452997@cox.net
In Reply to: Re: [gentoo-amd64] catch 22 with realtime-lsm and commoncap (capability dependency) modules by Kyle Lutze
Kyle Lutze posted <444C0482.4090408@×××××××××××.com>, excerpted below, on
Sun, 23 Apr 2006 15:49:38 -0700:

> re-emerging jack-audio-connection-kit with "-caps" did the trick, go
> figure. everything else was perfect
>
> on a side note, if capabilities was replaced by realtime and lsm, why is
> capabilities still in the 2.6 kernel?

I'm not familiar with the 2.4 capacities module and how it worked, so
can't answer that aspect of the question. However, in kernel 2.6, there's
the Linux Security Module (LSM) framework. It's designed to expose the
necessary kernel hooks for any of several different security module
approaches in a pluggable way, so any of several modules can be enabled to
take advantage of it.

In 2.6, the capacities module is implemented using LSM, designed to plug
into LSM and to provide the "traditional" Linux security implementation.
Apparently, realtime-lsm is a second available plugin. IIRC there's at
least a third as well, the BSD audit security framework, and I believe I
read that SELinux has a module too, tho for all I know it uses the BSD
audit module, perhaps with a few modifications, not its own separate
module.

It shouldn't therefore be entirely surprising that realtime-lsm and
capacities conflict, as they are probably fighting for control of the same
thing. Is it possible to use two different LSMs together in any case? I
don't know, but it's evident that there's a conflict here. It appears you
can use one or the other but not both at the same time. You plug in one,
and it takes at least part of the interface the other one would plug
into, so you can't plug in the other.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman in
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html


--
gentoo-amd64@g.o mailing list
