Joshua Brindle posted <40E97B48.4060904@g.o>, excerpted below, on
Mon, 05 Jul 2004 12:01:12 -0400:

> Now then, about LSM.. Capabilities are still hard coded into the kernel
> if you do _NOT_ use LSM (ie: selinux). That means every single Linux
> kernel has capabilities enabled and available. Once LSM is enabled the
> capabilities module takes over cap handling. This is why we recommend
> (strongly!) that the capabilities module be enabled with selinux.

I do not believe that's the case any longer. Capabilities are now an
option in the mainline 2.6 kernels, I believe under
Linux-security-modules (what you referred to with LSM?), but disable-able
without enabling anything else.. They can be built-in, compiled as
modules, or left out entirely.

Here, I compile them/it as a module (and I don't compile SELinux,
either.. I don't believe it's an option, at least for vanilla AMD64
kernels, yet), but have it set to auto-load, both in Mandrake and in
Gentoo, because BIND does indeed need them as compiled by both
distributions, and I do run it.

--
Duncan - List replies preferred. No HTML msgs.
"They that can give up essential liberty to obtain a little
temporary safety, deserve neither liberty nor safety." --
Benjamin Franklin

--
gentoo-dev@g.o mailing list