On Wed, 2004-06-02 at 18:46, maillist@xxxxxxxxxx wrote:
> because lacks of sys_call_table in kernel 2.6 and other
> I must "downgrade" kernel on fc2 from 2.6 to 2.4,
> but selinux should works furtheron.

If that is the only reason that you don't want to use 2.6, then you might want to reconsider. You can certainly discover the location of the system call table at module insertion time, but you should really consider rewriting your module to use a better technique.

> Is the nsa patch and the clean kernel enough
> (http://www.nsa.gov/selinux/code/download3.cfm),
> or any|all of the fc1 patches must be apply to works properly?

The NSA patch is relative to the ea+acl+nfsacl+sec patch from acl.bestbits.at, since SELinux now relies on extended attributes for file security contexts. Hence, you would first apply the EA patch and then apply the NSA patch. Not sure about the other kernel patches in the FC1 2.4 kernel.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency