FS#2354 - change CONFIG_SECURITY_CAPABILITIES to module in kernel configuration

Attached to Project: Arch Linux
Opened by Tobias Kieslich (tobias) - Friday, 11 March 2005, 18:29 GMT
Task Type: Feature Request
Category: Packages: Current
Status: Closed
Assigned To: Judd Vinet (judd)
Architecture: not specified
Severity: Low
Priority: Normal
Reported Version: 0.7 Wombat
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 0%
Votes: 0
Private: No

Details

Changing CONFIG_SECURITY_CAPABILITIES from built-in to module allows one to compile and use realtime-lsm, which you can find here:
http://www.justdreams.de/archlinux/downloads/realtime-lsm/
This module allows, when started with `modprobe realtime gid=92`, requesting realtime capabilities from the kernel for all users that are in the group 92 (audio).
This is useful for any audio application that uses the jack server.
On the shortcoming side, the capability module isn't automatically loaded on request (you need it for vsftpd, e.g.); at least it failed for me and I have no clue where I can start to search. Dependent modules load it automatically, but for applications that need the capabilities the kernel doesn't do it automatically. Dunno how to handle it.

Closed by Judd Vinet (judd)
Saturday, 18 June 2005, 09:47 GMT
Reason for closing: Fixed
Comment by Judd Vinet (judd) - Monday, 14 March 2005, 18:49 GMT
So when the capabilities module is loaded, the realtime module will not load/work?
Comment by Tobias Kieslich (tobias) - Monday, 14 March 2005, 19:25 GMT
Nope, some apps like vsftpd rely on the capabilities being present in the system. But when vsftpd is started, the kernel does not load the capability module automatically. When you modprobe realtime it automatically loads all dependent modules, which are commoncap and capability, iirc.
The problem is not realtime itself; the problem is that capability, when built as a module, is not loaded by the kernel automatically when an application needs it.
I hope I made it clear. If not, we talk on IRC ;)
Comment by Rhian Resnick (scuba2deth) - Thursday, 24 March 2005, 02:55 GMT
I made the first request for CONFIG_SECURITY_CAPABILITIES. If you could build it as a module and not a builtin, that would work better for me, since Dazuko (a file security module) now requires that SECURITY_CAPABILITIES be compiled as a module. (I didn't mention it in my feature request because I didn't know it mattered at the time.) When I custom compile the kernel I always just added CONFIG_SECURITY_CAPABILITIES=M.

Thanks Scuba2deth
Comment by Judd Vinet (judd) - Thursday, 24 March 2005, 18:56 GMT
So the realtime module depends on the capability module? Perhaps I could just load the capability module at boot-up then, if it's always going to be needed.

Thoughts?
Comment by Tobias Kieslich (tobias) - Thursday, 24 March 2005, 22:40 GMT
Right, realtime depends on it. I did some tests and it works like this:
If you do not have realtime installed, a simple "modprobe capability" on startup solves the issue. If you have realtime-lsm installed, "modprobe capability" asks for an argument and thus fails. So you have to type "modprobe realtime gid=92" instead of "modprobe capability". I dunno what kind of weird dependencies these are ...
Comment by Tobias Kieslich (tobias) - Wednesday, 15 June 2005, 11:00 GMT
Doing some further investigations on that, I proved myself to be wrong.
realtime does not depend on capability; rather, it conflicts with it. Whenever one of them is loaded, modprobing the other fails with an "Invalid argument". Some further thoughts and possible workarounds are here:
http://bbs.archlinux.org/viewtopic.php?p=93658#93658
Comment by Judd Vinet (judd) - Saturday, 18 June 2005, 09:47 GMT
neri says I can close this now that 2.6.12 is out. hip hip.
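
A boot-script guard for the conflict reported in the 15 June comment (with one of capability or realtime loaded, modprobing the other fails), as an added example that is not part of the original thread or of any Arch package. The function names `is_loaded` and `plan_lsm`, the message wording and the sample module list are constructed for illustration; only the two modprobe commands come from the thread.

```shell
#!/bin/sh
# Added example: decide which LSM module a boot script may load, based on
# the conflict between the capability and realtime modules described above.

# is_loaded MODULE FILE: succeed if MODULE is listed in FILE, which uses the
# /proc/modules layout (module name is the first field). The match is exact,
# so "commoncap" is never mistaken for "capability".
is_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# plan_lsm WANT GID [FILE]: print the action for the wanted module
# (WANT is "realtime" or "capability"); FILE defaults to /proc/modules.
# Returns 1 when the other module is already loaded.
plan_lsm() {
    want=$1 gid=$2 mods=${3:-/proc/modules}
    case $want in
        realtime)   other=capability; cmd="modprobe realtime gid=$gid" ;;
        capability) other=realtime;   cmd="modprobe capability" ;;
        *) echo "error: unknown module $want"; return 2 ;;
    esac
    if is_loaded "$want" "$mods"; then
        echo "skip: $want already loaded"
    elif is_loaded "$other" "$mods"; then
        echo "conflict: $other is loaded, loading $want would fail"
        return 1
    else
        echo "run: $cmd"
    fi
}

# Constructed sample in /proc/modules layout (not output from a real system).
sample=$(mktemp)
printf '%s\n' 'commoncap 6784 1 realtime, Live 0xe0a2f000' \
              'realtime 5120 0 - Live 0xe0a3c000' > "$sample"
plan_lsm capability "" "$sample" || true
rm -f "$sample"
```
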
