TOMOYO's pull request for v6.12

Serge E. Hallyn serge at hallyn.com
Sun Oct 6 00:02:06 UTC 2024


On Sat, Oct 05, 2024 at 07:28:35PM +0200, Simon Thoby wrote:
...
> Perhaps you would be better served by providing your users with a snippet of documentation
> explaining how to configure MOK and to rebuild the RHEL kernel with TOMOYO enabled?
> To be fair, I know that your customers may find this a time-consuming ordeal compared to using
> the official kernel - especially as you want to keep up with the frequent updates.

Tetsuo's problem, AIUI, is not that it's difficult to rebuild the kernel enabling
tomoyo, it's that once his customers do so, Red Hat will not support/debug in case
of failures.

> But OTOH that's not end-of-the-world complexity either, which makes it fine for occasional use,
> e.g. to behave like "a sort of system-wide strace-like profiler" (I'm guessing your customers
> are only doing this operation from time to time, not continuously in production).
> There's no perfect solution I guess, but to keep lobbying distributors to enable TOMOYO
> in their kernels.
> 
> Simon


