Karanbir Singh wrote: > so, lets make room for a kernel-<ver>-<rel>.tomoyo perhaps. Is that > config option the only real change needed ? Thanks. CONFIG_SECURITY_PATH=y and CONFIG_SECURITY_TOMOYO=y are needed. > Over a period of time, how are RH patches likely to impact this ? Distributor's patches unlikely break CONFIG_SECURITY_TOMOYO because TOMOYO 2.x is in-tree. However, RH heavily backports features from later kernels to RHEL. I guess RH would backport RCU path walk patchset (which breaks TOMOYO 2.2) to RHEL 6. If such backport happens, kernel-<ver>-<rel>.tomoyo can no longer be provided without kernel patches. TOMOYO 2.x is already enabled in Ubuntu, Debian, openSUSE etc. But RH would be the last distribution that enables TOMOYO because RH drives SELinux. I proposed TOMOYO 2.x for Fedora but was rejected. I'm providing 2 alternatives. One is TOMOYO 1.x (out of tree patches that require recompilation of kernel source package but can keep kernel ABI) and the other is AKARI (subset of TOMOYO 1.x but is a loadable kernel module). http://akari.sourceforge.jp/comparison.html Given above circumstances/risks, do we think we should make room for a kernel-<ver>-<rel>.tomoyo ?