[PlanetCCRMA] realtime-lsm module with fc2
martin rumori
lists@rumori.de
Thu Oct 7 15:41:02 2004
On Wed, Oct 06, 2004 at 06:03:26PM -0700, Fernando Pablo Lopez-Lezcano wrote:
> > FATAL: Error inserting realcap (/lib/modules/2.6.7-1.437.1.ll.rhfc2.ccrma/kernel/security/realcap.ko): Invalid argument
> >
> > is this the right module?
>
> It is the right module, and I think "gid" is the right parameter name.
> Are you sure /etc/groups contains group 29? It seems to work for me
> here, but the machine I'm testing on is not booting into that particular
> kernel.
o.k., thank you. it wasn't related to any specific group, 29 was just
an arbitrary example in this case. same problem appears with allcaps
or whatever.
the culprit is the "capability" module, which must not be loaded when
trying to load realcap, apparently (since selinux allows just one
secondary security module). the "capability" module is needed
e. g. for ntpd, in order to drop root privs. fortunetaly, the realcap
module has the same effect, it just has to be loaded before ntpd. i
changed the /etc/rcx.d/ link from S87realcap to S57realcap in order to
do this.
thanks a lot!
bests,
martin