On Wed, Oct 26, 2011 at 2:49 PM, Tetsuo Handa
> Akemi Yagi wrote:
>> > I'm providing 2 alternatives. One is TOMOYO 1.x (out of tree patches that
>> > require recompilation of kernel source package but can keep kernel ABI) and the
>> > other is AKARI (subset of TOMOYO 1.x but is a loadable kernel module).
>> > http://akari.sourceforge.jp/comparison.html >>
>> I checked the config options required for AKARI. Of the 5 options
>> listed, one is not set in the current EL6 kernel:
>> # CONFIG_SECURITY_PATH is not set
>> You mentioned CONFIG_SECURITY_PATH is the one that breaks the kABI.
> CONFIG_SECURITY_PATH is the one that is mandatory for TOMOYO 2.x but breaks the
> kABI. But CONFIG_SECURITY_PATH is optional for AKARI. AKARI was designed to be
> usable on RHEL kernels without changing kernel config or patching to source.
I see. Then the AKARI kernel module will be a good (perfect?)
candidate for ELRepo.
>> But TOMOYO 1.x would not?
> TOMOYO 1.x does not need CONFIG_SECURITY_PATH because TOMOYO 1.x adds a new set
> of hooks similar to CONFIG_SECURITY_PATH. Thus, the kABI is preserved but
> TOMOYO 1.x needs patching to source.
In this case, the cplus kernel can accommodate TOMOYO 1.x. Can you
think of any reason it cannot? Anything else to consider?
On a not so important subject, is TOMOYO written as 友代, and AKARI as 明 ? 灯り ?