Linux Security Modules framework networking hooks (CONFIG_SECURITY_NETWORK) not enabled
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-source-2.6.15 (Ubuntu) |
Fix Released
|
Wishlist
|
Fabio Massimo Di Nitto |
Bug Description
The LSM framework h¡networking hooks are not enabled, which prevents SELinux and
any other module or engine using the framework itself to access these (critical)
hooks used to implement fine-grained control over netlink classes, sockets, etc.
A simple grep'ing of the linux-image-
CONFIG_SECURITY=y
# CONFIG_
CONFIG_
CONFIG_
CONFIG_
CONFIG_
CONFIG_
CONFIG_
CONFIG_
CONFIG_
# CONFIG_
CONFIG_
should be enabled for those who want to play around it.
This should be solved before final release if possible because it's a blocking
issue which can lead to confusion for everyone relying in these hooks, I
apologize for not noticing it before the FF (I was running a kernel of my own,
so, I just noticed it when trying to do some LSM work after installing 2.6.10
image).
Cheers,
Lorenzo.
Downgrading since this isn't a release goal.
As can be seen on the release schedule, we are in a high-caution period leading
up to the preview release, and only things which are critical for the preview
release will be changed at this time.
After the preview release, the kernel team can evaluate whether this is a safe
change to enable, and we can consider making the change at that time.