Re: Building Hello World LSM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

After some (probably a bit more than a few) hours scratching my head, my problem was indeed a misconfiguration. The module was built, but never set as default despite appearing as such in the config (lesson learned be extra careful with Makefile and Kconfig files).

Thank you everyone for your help and advices, at the end of the day it boiled down to my own stupidity/lack of attention.

On Tue Jan 20 2015 at 20:11:22 Dave Tian <dave.jing.tian@xxxxxxxxx> wrote:
Tested on Fedora 21 using kernel 3.18.3 and there is nothing wrong with LSM. Please make sure your hello world was compiled and built-in.
Yes, LSM now only support built-in, not module.

-daveti


On Jan 20, 2015, at 3:43 AM, Thomas F. J.-M. Pasquier <tfjmp2@xxxxxxxxx> wrote:

Hi,

I am able to re-build with SELinux now and that's working (using config from /boot/). However, when building with helloworld LSM it does not seem to be working. I can indeed see the "Security Framework initialized", but none of the printk present in my module. I will be doing more test today.

I think LSM should not appear in modprobe as they are not loaded anymore. Am I missing something or is this correct?

Thanks,
Thomas

On Mon Jan 19 2015 at 3:45:15 PM Dave Tian <dave.jing.tian@xxxxxxxxx> wrote:
LSM does not support dynamic module loading now.

I have tried to create a new LSM based on yama and boot it as the default on my Ubuntu 14.04 (kernel 3.13). It works smoothly. I have NOT tried Fedora with kernel 3.18 yet but I do not think there would be some changes breaking LSM, which has been there for years…Would you please recheck your Kconfig and Makefile? At least, you should see the logging “Security Framework initialized" from dmesg, saying the LSM is init’d, after which your LSM should be  loaded presumably.

-daveti

> On Jan 18, 2015, at 9:33 PM, Valdis.Kletnieks@xxxxxx wrote:
>
> On Sun, 18 Jan 2015 23:49:31 +0000, "Thomas F. J.-M. Pasquier" said:
>
>> I am trying to build a skeleton LSM module, but I am not having much luck
>> so far. The problem seems to be that the LSM init function is never called.
>
> What does 'modprobe' report?  Anything in dmesg?
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies@kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies


_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux