Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki)

[Adam Jerome]

Sat, Feb 9, 2008 at  3:36 AM, John Ogness <address@hidden> wrote: 
> On 2008-02-08, Alon Bar-Lev <address@hidden> wrote:
>>> The current release of Dazuko uses LSM to intercept file access
>>> events. As of 2.6.24, LSM modules may no longer be kernel
>>> modules. They _must_ be statically compiled into the kernel.
>>
>> This may impose a serious problem with distributions... I don't know
>> if I will be able to push this into Gentoo users this way, and
>> Gentoo are one of the easiest with regards to patching.
> 
> Yes, it may cause problems for distributions. I am considering adding
> a kernel parameter so that Dazuko can be dynamically activated at boot
> (like SElinux). Then distributions would be able to include the patch,
> but leave Dazuko disabled. Users could then easily enable it with
> somthing like "dazuko=1" as a boot parameter.
> 
> The only alternative is to avoid LSM.

FYI... 

As for Novell/SuSE, I suspect that the work done by upstream to make
LSM static-link only will most likely be reverted for SLED/SLES 11.  
Meaning that LSM may continue to be a viable alternative for some time.

-Adam