Building Hello World LSM

Thomas F. J.-M. Pasquier tfjmp2 at cam.ac.uk
Wed Jan 21 15:31:36 EST 2015


After some (probably a bit more than a few) hours scratching my head, my
problem was indeed a misconfiguration. The module was built, but never set
as default despite appearing as such in the config (lesson learned be extra
careful with Makefile and Kconfig files).

Thank you everyone for your help and advices, at the end of the day it
boiled down to my own stupidity/lack of attention.

On Tue Jan 20 2015 at 20:11:22 Dave Tian <dave.jing.tian at gmail.com> wrote:

> Tested on Fedora 21 using kernel 3.18.3 and there is nothing wrong with
> LSM. Please make sure your hello world was compiled and built-in.
> Yes, LSM now only support built-in, not module.
>
> -daveti
>
>
> On Jan 20, 2015, at 3:43 AM, Thomas F. J.-M. Pasquier <tfjmp2 at cam.ac.uk>
> wrote:
>
> Hi,
>
> I am able to re-build with SELinux now and that's working (using config
> from /boot/). However, when building with helloworld LSM it does not seem
> to be working. I can indeed see the "Security Framework initialized", but
> none of the printk present in my module. I will be doing more test today.
>
> I think LSM should not appear in modprobe as they are not loaded anymore.
> Am I missing something or is this correct?
>
> Thanks,
> Thomas
>
> On Mon Jan 19 2015 at 3:45:15 PM Dave Tian <dave.jing.tian at gmail.com>
> wrote:
>
>> LSM does not support dynamic module loading now.
>>
>> I have tried to create a new LSM based on yama and boot it as the default
>> on my Ubuntu 14.04 (kernel 3.13). It works smoothly. I have NOT tried
>> Fedora with kernel 3.18 yet but I do not think there would be some changes
>> breaking LSM, which has been there for years…Would you please recheck your
>> Kconfig and Makefile? At least, you should see the logging “Security
>> Framework initialized" from dmesg, saying the LSM is init’d, after which
>> your LSM should be  loaded presumably.
>>
>> -daveti
>>
>> > On Jan 18, 2015, at 9:33 PM, Valdis.Kletnieks at vt.edu wrote:
>> >
>> > On Sun, 18 Jan 2015 23:49:31 +0000, "Thomas F. J.-M. Pasquier" said:
>> >
>> >> I am trying to build a skeleton LSM module, but I am not having much
>> luck
>> >> so far. The problem seems to be that the LSM init function is never
>> called.
>> >
>> > What does 'modprobe' report?  Anything in dmesg?
>> > _______________________________________________
>> > Kernelnewbies mailing list
>> > Kernelnewbies at kernelnewbies.org
>> > http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20150121/04db63fc/attachment.html 


More information about the Kernelnewbies mailing list