Greg KH wrote:

>On Mon, Jul 05, 2004 at 12:01:12PM -0400, Joshua Brindle wrote:
>
>>Now then, about LSM.. Capabilities are still hard coded into the kernel
>>if you do _NOT_ use LSM (ie: selinux).
>>
>
>Um, SELinux uses LSM :)
>
Right, but not everyone in the audience is familiar with "LSM", nor is it
in the kernel Kconfig or anywhere they could figure it out easily,
so, being nice, I gave an example of something that uses LSM.
|
>>That means every single Linux kernel has capabilities enabled and
>>available.
>>
>
>Not true at all, it's quite easy to build a kernel without capabilities
>enabled. Like, for example, if you choose to use my stupid little
>root-plug LSM kernel module.
>
You are right, and I got this correction earlier. In the first LSM
kernels capabilities were not totally removed from the kernel proper
into LSM and I (wrongly) thought this was still the case.

Joshua Brindle

--
gentoo-dev@g.o mailing list