[CentOS-devel] [C6] cr/SRPMS/Packages/ empty

Wed Oct 26 13:51:45 UTC 2011
Tetsuo Handa <from-centos at I-love.SAKURA.ne.jp>

Karanbir Singh wrote:
> so, let's make room for a kernel-<ver>-<rel>.tomoyo perhaps. Is that
> config option the only real change needed?

Thanks. CONFIG_SECURITY_PATH=y and CONFIG_SECURITY_TOMOYO=y are needed.

> Over a period of time, how are RH patches likely to impact this?

Distributor's patches are unlikely to break CONFIG_SECURITY_TOMOYO because
TOMOYO 2.x is in-tree. However, RH heavily backports features from later
kernels to RHEL. I guess RH would backport the RCU path walk patchset (which
breaks TOMOYO 2.2) to RHEL 6. If such a backport happens,
kernel-<ver>-<rel>.tomoyo can no longer be provided without kernel patches.

TOMOYO 2.x is already enabled in Ubuntu, Debian, openSUSE etc. But RH would be
the last distribution that enables TOMOYO because RH drives SELinux. I proposed
TOMOYO 2.x for Fedora but it was rejected.

I'm providing 2 alternatives. One is TOMOYO 1.x (out-of-tree patches that
require recompilation of the kernel source package but can keep the kernel ABI)
and the other is AKARI (a subset of TOMOYO 1.x, but a loadable kernel module).
http://akari.sourceforge.jp/comparison.html

Given the above circumstances/risks, do we think we should make room for a
kernel-<ver>-<rel>.tomoyo?