Red Hat Bugzilla – Bug 442245
Can't register LSM other than SELinux
Last modified: 2008-06-16 17:44:08 EDT
Description of problem: I'm developing a Linux Security Module. When I try to load the module, registering fails and SELinux complies that there's already a secondary module active and won't let me stack my module. If I totally disable SELinux, The system goes on and doesn't allow my to register my security module as neither as primary or secondary. This has to be fixed, people should be allowed to load security modules other than SELinux. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Write a basic module using the Linux Security Module API 2. Try to load ii into the kernel Actual results: It won't be loaded; nor as a primary neither as a secondary module Expected results: The module should be loaded correctly and being alloed to enforce its policy on the system. Additional info:
SELinux only supports capabilities. Period. End of Story. Will not change. Module stacking will not be implemented. You may wish to look at the following patch which was implemented upstream to allow for user selection of SMACK vs. SELinux http://lwn.net/Articles/272585/ I want to remove the whole concept of 'secondary' modules as a general idea since the ONLY module supported is capabilities why not just have everything hook directly into capabilities and stop pretending that other secondary modules are possible.... I see no bug here. do whatever SMACK does.
Closing as not a bug for now. If you better explain the issue I might be able to help.