On Wed, Oct 26, 2011 at 2:49 PM, Tetsuo Handa
<from-centos@i-lo...> wrote:
> Akemi Yagi wrote:
>> > I'm providing 2 alternatives. One is TOMOYO 1.x (out of tree patches that
>> > require recompilation of kernel source package but can keep kernel ABI) and the
>> > other is AKARI (subset of TOMOYO 1.x but is a loadable kernel module).
>> > http://akari.sourceforge.jp/comparison.html
>>
>> I checked the config options required for AKARI. Of the 5 options
>> listed, one is not set in the current EL6 kernel:
>>
>> # CONFIG_SECURITY_PATH is not set
>>
>> You mentioned CONFIG_SECURITY_PATH is the one that breaks the kABI.
>
> CONFIG_SECURITY_PATH is the one that is mandatory for TOMOYO 2.x but breaks the
> kABI. But CONFIG_SECURITY_PATH is optional for AKARI. AKARI was designed to be
> usable on RHEL kernels without changing kernel config or patching to source.

I see. Then the AKARI kernel module will be a good (perfect?)
candidate for ELRepo.

>> But TOMOYO 1.x would not?
>
> TOMOYO 1.x does not need CONFIG_SECURITY_PATH because TOMOYO 1.x adds a new set
> of hooks similar to CONFIG_SECURITY_PATH. Thus, the kABI is preserved but
> TOMOYO 1.x needs patching to source.

In this case, the cplus kernel can accommodate TOMOYO 1.x. Can you
think of any reason it cannot? Anything else to consider?

On a not so important subject, is TOMOYO written as 友代, and AKARI as 明 ? 灯り ?

Akemi
_______________________________________________
CentOS-devel mailing list
CentOS-devel@cent...
http://lists.centos.org/mailman/listinfo/centos-devel