From: Amon Ott <ao@rsbac.org>
Subject: Re: Re[8]: RSBAC v1.1.1 problem
Date: Tue, 17 Apr 2001 12:04:40 +0200
Next Article (by Date): Re: mysql problems - bugfix? Bencsath Boldizsar
Previous Article (by Date): ACL on soft links ? Fabrice MARIE
Top of Thread: Re[8]: RSBAC v1.1.1 problem Keith Matthews
Articles sorted by: [Date]
[Author]
[Subject]
On Don, 12 Apr 2001 Keith Matthews wrote: > On Thu, 12 Apr 2001 12:17:03 +0200 Amon Ott <Amon Ott <ao@rsbac.org>> wrote: > > There are several solutions to the version name problems, all of which do not > > solve all requirements. > > > > Reqs: > > - RSBAC kernels need distinct version string, because modules might need > > additional symbols > > - The version string should only be changed, if RSBAC is enabled (reason: s.a.) > > - If CONFIG_RSBAC is off, the resulting kernel must be original kernel > > > > I think there is one extra here: > > - The version string must be available fully to any modules that are not > compiled as part of the kernel compile. > > Admittedly these should be rare for security reasons. Indeed I cannot > think of any other than pcmcia-cs, but there probably are around the funny > drivers area. It would be interesting to see what Alcatel's SpeedTouch USB > DSL modem driver makes of it. This requirement is sure important. However, I never had problems with my REG samples. Coould you please test your modules with pre3, when it has come out? > > Probs: > > - Changing EXTRAVERSION is always active, because .config gets read after > > building full version string > > - Modifying version string (as done now) gives dependency probs, because > > version.h does have a dependency entry for CONFIG_RSBAC (thus the touch > > Makefile) > > > > i.e. it clashes with my new requirement above. > > > What we could do is just add -rsbac to EXTRAVERSION and say, whoever patches in > > RSBAC means to have it on anyway. This would also remove the dependency problem. > > > > I eventually solved the problem along these lines by adding 'r' to the > existing version string and commenting out the modified one in the > makefile. All worked fine after that, card services came up, the ethernet > driover started up, ipchains worked fine and the machine is talking to the > rest of the network. The Makefile has now been changed to modify EXTRAVERSION, if RSBAC is on. Do I have to make the version change optional? > I still have to understand how to control AUTH etc to do what I want but > that is a (very) different matter. Please ask here, if you need help. > > The disadvantage is that you would have to build a standard kernel from another > > tree, with another 70-150 MB of disk space. > > > > <cynical mode> With minimum HDD sizes for new disks currently at 20 Gb and growing would > that matter to many users.</cynical mode> For me this is an important argument, because I use preconfigured installations. The extra tree would significantly increase each(!) archive size. Amon. - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Date): Re: mysql problems - bugfix? Bencsath Boldizsar
Previous Article (by Date): ACL on soft links ? Fabrice MARIE
Top of Thread: Re[8]: RSBAC v1.1.1 problem Keith Matthews
Articles sorted by: [Date]
[Author]
[Subject]