Building Hello World LSM

Dave Tian dave.jing.tian at gmail.com
Tue Jan 20 15:11:18 EST 2015


Tested on Fedora 21 using kernel 3.18.3 and there is nothing wrong with LSM. Please make sure your hello world was compiled and built-in.
Yes, LSM now only support built-in, not module.

-daveti


> On Jan 20, 2015, at 3:43 AM, Thomas F. J.-M. Pasquier <tfjmp2 at cam.ac.uk> wrote:
> 
> Hi,
> 
> I am able to re-build with SELinux now and that's working (using config from /boot/). However, when building with helloworld LSM it does not seem to be working. I can indeed see the "Security Framework initialized", but none of the printk present in my module. I will be doing more test today.
> 
> I think LSM should not appear in modprobe as they are not loaded anymore. Am I missing something or is this correct?
> 
> Thanks,
> Thomas
> 
> On Mon Jan 19 2015 at 3:45:15 PM Dave Tian <dave.jing.tian at gmail.com <mailto:dave.jing.tian at gmail.com>> wrote:
> LSM does not support dynamic module loading now.
> 
> I have tried to create a new LSM based on yama and boot it as the default on my Ubuntu 14.04 (kernel 3.13). It works smoothly. I have NOT tried Fedora with kernel 3.18 yet but I do not think there would be some changes breaking LSM, which has been there for years…Would you please recheck your Kconfig and Makefile? At least, you should see the logging “Security Framework initialized" from dmesg, saying the LSM is init’d, after which your LSM should be  loaded presumably.
> 
> -daveti
> 
> > On Jan 18, 2015, at 9:33 PM, Valdis.Kletnieks at vt.edu <mailto:Valdis.Kletnieks at vt.edu> wrote:
> >
> > On Sun, 18 Jan 2015 23:49:31 +0000, "Thomas F. J.-M. Pasquier" said:
> >
> >> I am trying to build a skeleton LSM module, but I am not having much luck
> >> so far. The problem seems to be that the LSM init function is never called.
> >
> > What does 'modprobe' report?  Anything in dmesg?
> > _______________________________________________
> > Kernelnewbies mailing list
> > Kernelnewbies at kernelnewbies.org <mailto:Kernelnewbies at kernelnewbies.org>
> > http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies <http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies>
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20150120/d46316fe/attachment.html 


More information about the Kernelnewbies mailing list