On Fri, 2008-02-08 at 15:06 +0900, Dietrich Bollmann wrote: > Hi, > > I would like to use the new vanilla 2.6.24 kernel with the > realtime-lsm module.
Probably I should also mention that I am using Ingo Molnar's realtime preemption patch (which relies on the vanilla kernel): - kernel: http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.24.tar.bz2 - realtime preemption patch: http://www.kernel.org/pub/linux/kernel/projects/rt/patch-2.6.24-rt1.bz2 > But it seems to be not possible anymore to configure the vanilla > 2.6.24 kernel to compile the security capabilities as module as > described in the README for the Debian realtime-lsm package in > /usr/share/doc/realtime-lsm/README.Debian . > > Should I > > - wait for an update of the realtime-lsm module? > - try one of > - CONFIG_SECURITY_CAPABILITIES=y > - # CONFIG_XFRM_SUB_POLICY is not set Sorry, I meant: - # CONFIG_SECURITY_CAPABILITIES is not set > - CONFIG_SECURITY_CAPABILITIES=m > - do something else? Thanks again, Dietrich I also append the README from the realtime-lsm package ( /usr/share/doc/realtime-lsm/README.Debian ): --- The realtime kernel module for Debian ------------------------------------- The default configuration allows all users in the audio group (or applications that are setgid audio) to access the kernel with higher scheduling priority and to lock their memory. The default configuration gives you maximum security and performance. In order to change this behaviour you can edit the /etc/default/realtime file. Debian kernels are built in a way that won't allow you to use the realtime-lsm module. In order to use it, you have to build your own kernel, and configure the CONFIG_SECURITY_CAPABILITIES as a module. The easiest way is to install the Debian linux-source package corresponding to your kernel, unpack it in /usr/src and copy the configuration like this: cat /boot/config-2.6.17-1-686 | sed s/CONFIG_SECURITY_CAPABILITIES=y/CONFIG_SECURITY_CAPABILITIES=m/ > /usr/src/linux-source-2.6.17/.config Adapt the kernel version according to yours. You can also do this step manually, by copying the configuration from /boot/ or configuring yourself, just make sure that CONFIG_SECURITY_CAPABILITIES=m, thats the whole point of it. Build the new kernel with > make-kpkg --initrd --revision 1 --append-to-version -1-lsm kernel_image and install the resulting .deb. Afer that, you can build the realtime-lsm with module-assistant: > m-a build realtime-lsm or build it with make-kpkg: Make sure your version.h is up to date (in case you did not compile the source) > make modules_prepare compile: > make-kpkg modules-image and install it: dpkg -i /usr/src/realtime-lsm-module-*.deb -- Guenter Geiger (Debian/GNU) <...snip...>, Wed, 24 Mar 2004 16:12:32 +0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
