Red Hat Bugzilla – Bug 442245
Can't register LSM other than SELinux
Last modified: 2008-06-16 17:44:08 EDT
Description of problem:
I'm developing a Linux Security Module. When I try to load the module,
registering fails and SELinux complies that there's already a secondary module
active and won't let me stack my module. If I totally disable SELinux, The
system goes on and doesn't allow my to register my security module as neither as
primary or secondary. This has to be fixed, people should be allowed to load
security modules other than SELinux.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Write a basic module using the Linux Security Module API
2. Try to load ii into the kernel
It won't be loaded; nor as a primary neither as a secondary module
The module should be loaded correctly and being alloed to enforce its policy on
SELinux only supports capabilities. Period. End of Story. Will not change.
Module stacking will not be implemented.
You may wish to look at the following patch which was implemented upstream to
allow for user selection of SMACK vs. SELinux
I want to remove the whole concept of 'secondary' modules as a general idea
since the ONLY module supported is capabilities why not just have everything
hook directly into capabilities and stop pretending that other secondary modules
I see no bug here. do whatever SMACK does.
Closing as not a bug for now. If you better explain the issue I might be able