Hi,
because lacks of sys_call_table in kernel 2.6 and other I must "downgrade" kernel on fc2 from 2.6 to 2.4, but selinux should works furtheron.
Are there steps of particular importance to be taken?
Should I prefer the clean kernel from kernel.org, or one from fc1 ( which one? src.rpm's ?) ?
Is the nsa patch and the clean kernel enough (http://www.nsa.gov/selinux/code/download3.cfm), or any|all of the fc1 patches must be apply to works properly?
TIA Marco
On Thu, 3 Jun 2004 08:46, maillist@wolke7.net wrote:
because lacks of sys_call_table in kernel 2.6 and other I must "downgrade" kernel on fc2 from 2.6 to 2.4, but selinux should works furtheron.
Are there steps of particular importance to be taken?
Should I prefer the clean kernel from kernel.org, or one from fc1 ( which one? src.rpm's ?) ?
Red Hat has never released a 2.4.x kernel with SE Linux support and has no plans to ever do so. If you want to use SE Linux on a 2.4.x kernel then you need to download the kernel source from kernel.org and patch it with EA/SECATTR patches and the LSM (SE Linux) patch.
On Wed, 2004-06-02 at 18:46, maillist@wolke7.net wrote:
because lacks of sys_call_table in kernel 2.6 and other I must "downgrade" kernel on fc2 from 2.6 to 2.4, but selinux should works furtheron.
If that is the only reason that you don't want to use 2.6, then you might want to reconsider. You can certainly discover the location of the system call table at module insertion time, but you should really consider rewriting your module to use a better technique.
Is the nsa patch and the clean kernel enough (http://www.nsa.gov/selinux/code/download3.cfm), or any|all of the fc1 patches must be apply to works properly?
The NSA patch is relative to the ea+acl+nfsacl+sec patch from acl.bestbits.at, since SELinux now relies on extended attributes for file security contexts. Hence, you would first apply the EA patch and then apply the NSA patch. Not sure about the other kernel patches in the FC1 2.4 kernel.
selinux@lists.fedoraproject.org