[CentOS-devel] [C6] cr/SRPMS/Packages/ empty

Tetsuo Handa from-centos at I-love.SAKURA.ne.jp
Wed Oct 26 17:49:46 EDT 2011


Akemi Yagi wrote:
> > I'm providing 2 alternatives. One is TOMOYO 1.x (out of tree patches that
> > require recompilation of kernel source package but can keep kernel ABI) and the
> > other is AKARI (subset of TOMOYO 1.x but is a loadable kernel module).
> > http://akari.sourceforge.jp/comparison.html
> 
> I checked the config options required for AKARI. Of the 5 options
> listed, one is not set in the current EL6 kernel:
> 
> # CONFIG_SECURITY_PATH is not set
> 
> You mentioned CONFIG_SECURITY_PATH is the one that breaks the kABI.

CONFIG_SECURITY_PATH is the one that is mandatory for TOMOYO 2.x but breaks the
kABI. But CONFIG_SECURITY_PATH is optional for AKARI. AKARI was designed to be
usable on RHEL kernels without changing kernel config or patching to source.

> But TOMOYO 1.x would not?

TOMOYO 1.x does not need CONFIG_SECURITY_PATH because TOMOYO 1.x adds a new set
of hooks similar to CONFIG_SECURITY_PATH. Thus, the kABI is preserved but
TOMOYO 1.x needs patching to source.


More information about the CentOS-devel mailing list