houqp n00b
Joined: 22 Feb 2011 Posts: 28 Location: China
Posted: Wed Mar 16, 2011 6:30 am Post subject: [Solved]Cannot add kernel config entry with menuconfig |
Hi, all
I want to have this entry added to .config file:
Code: | CONFIG_IMA_LSM_RULES=y |
But when I search "ima_lsm" in menuconfig, the search result only contains two lines:
Code: | Symbol: IMA_LSM_RULES [=n]
TYPE : boolean |
Thus I have no idea where to find the location of this entry in the menu.
Last edited by houqp on Wed Mar 16, 2011 4:57 pm; edited 1 time in total |
houqp n00b
Joined: 22 Feb 2011 Posts: 28 Location: China
|
Posted: Wed Mar 16, 2011 6:40 am Post subject: |
I manually added CONFIG_IMA_LSM_RULES=y to the .config file and ran menuconfig. But when I search in menuconfig, I still get Symbol: IMA_LSM_RULES [=n].
Goverp Advocate
Joined: 07 Mar 2007 Posts: 2007
Posted: Wed Mar 16, 2011 11:42 am Post subject: You may need different kernel sources |
Using the search in "make xconfig" gives a bit more info - like where the config options are defined - but doesn't help much.
CONFIG_IMA is defined in "Security options", which is just after Kernel hacking; you need "Security options->Enable different security models" to see it. However, that's not enough.
Google shows you also need CONFIG_AUDIT which is in "General setup". Adding that still doesn't make CONFIG_IMA_LSM_RULES appear for me. The Google entries say it's also dependent on either SELINUX or SMACK. Those are alternatives in the "Security options" section, only they cannot be enabled on my gentoo-sources kernel. Looking at the Gentoo kernel guide, you need hardened-sources to have that.
In summary, I think you're using gentoo-sources or vanilla-sources, but you need hardened-sources. Then you can enable SELINUX or SMACK, and so forth as above.
_________________
Greybeard
houqp n00b
Joined: 22 Feb 2011 Posts: 28 Location: China
Posted: Wed Mar 16, 2011 3:15 pm Post subject: |
Thanks Goverp! I should have googled it myself.
Yes, I am using gentoo-sources. I will try hardened sources later!
houqp n00b
Joined: 22 Feb 2011 Posts: 28 Location: China
Posted: Wed Mar 16, 2011 4:56 pm Post subject: Re: You may need different kernel sources |
Goverp wrote: | Using the search in "make xconfig" gives a bit more info - like where the config options are defined - but doesn't help much.
In summary, I think you're using gentoo-sources or vanilla-sources, but you need hardened-sources. Then you can enable SELINUX or SMACK, and so forth as above. |
After switching to the official kernel, it is now set to "y".
Actually, the dependency can be found in /usr/src/linux/security/integrity/ima/Kconfig:
Code: |
config IMA_LSM_RULES
	bool
	depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
	default y
	help
	  Disabling this option will disregard LSM based policy rules. |
Thanks again for your help Goverp! |
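
The dependency line quoted in the last post can be checked directly against a .config before opening menuconfig. The script below is an added example, not part of the original posts; the function names and the sample .config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report which terms of
#   depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
# are unmet in a kernel .config. All four symbols are bool, so only "=y" counts.

# is_enabled CONFIG_FILE SYMBOL: succeeds if CONFIG_<SYMBOL>=y is present.
is_enabled() {
    grep -q "^CONFIG_$2=y\$" "$1"
}

# ima_lsm_rules_unmet CONFIG_FILE: prints one unmet term per line,
# prints nothing when the whole expression is satisfied.
ima_lsm_rules_unmet() {
    for sym in IMA AUDIT; do
        is_enabled "$1" "$sym" || echo "$sym"
    done
    if ! is_enabled "$1" SECURITY_SELINUX && ! is_enabled "$1" SECURITY_SMACK; then
        echo "SECURITY_SELINUX||SECURITY_SMACK"
    fi
}

# Constructed sample: IMA and AUDIT are on, no LSM is selected, and
# CONFIG_IMA_LSM_RULES=y was added by hand.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_SECURITY=y
CONFIG_AUDIT=y
CONFIG_IMA=y
# CONFIG_SECURITY_SELINUX is not set
# CONFIG_SECURITY_SMACK is not set
CONFIG_IMA_LSM_RULES=y
EOF

unmet=$(ima_lsm_rules_unmet "$sample")
if [ -n "$unmet" ]; then
    echo "IMA_LSM_RULES will not stay at y; unmet dependencies:"
    echo "$unmet"
else
    echo "IMA_LSM_RULES dependencies satisfied"
fi
rm -f "$sample"
```

Because the symbol has no prompt text after `bool`, it has no menu entry of its own; it takes its `default y` once the dependencies hold, and a hand-written `=y` is dropped by Kconfig while they do not.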