Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[Solved]Cannot add kernel config entry with menuconfig
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
houqp
n00b
n00b


Joined: 22 Feb 2011
Posts: 28
Location: China

PostPosted: Wed Mar 16, 2011 6:30 am    Post subject: [Solved]Cannot add kernel config entry with menuconfig Reply with quote

Hi, all

I want to have this entry added to .config file:
Code:
CONFIG_IMA_LSM_RULES=y

But when I search "ima_lsm" in menuconfig, the search result only contain two lines:
Code:
Symbol: IMA_LSM_RULES [=n]
TYPE   : boolean

Thus I have no idea of where to find the location of this entry in the menu.


Last edited by houqp on Wed Mar 16, 2011 4:57 pm; edited 1 time in total
Back to top
View user's profile Send private message
houqp
n00b
n00b


Joined: 22 Feb 2011
Posts: 28
Location: China

PostPosted: Wed Mar 16, 2011 6:40 am    Post subject: Reply with quote

I manually added CONFIG_IMA_LSM_RULES=y to .config file and run menuconfig. But when I search in menuconfig, I still got Symbol: IMA_LSM_RULES [=n].
Back to top
View user's profile Send private message
Goverp
Veteran
Veteran


Joined: 07 Mar 2007
Posts: 1972

PostPosted: Wed Mar 16, 2011 11:42 am    Post subject: You may need different kernel sources Reply with quote

Using the search in "make xconfig" gives a bit more info - like where the config options are defined - but doesn't help much.

CONFIG_IMA is defined in "Security options", which is just after Kernel hacking; you need "Security options->Enable different security models" to see it. However, that's not enough.

Google shows you also need CONFIG_AUDIT which is in "General setup". Adding that still doesn't make CONFIG_IMA_LSM_RULES appear for me. The Google entries say it's also dependent on either SELINUX or SMACK. Those are alternatives in the "Security options" section, only they cannot be enabled on my gentoo-sources kernel. Looking at the Gentoo kernel guide, you need hardened-sources to have that.

In summary, I think you're using gentoo-sources or vanilla-sources, but you need hardened-sources. Then you can enable SELINUX or SMACK, and so forth as above.
_________________
Greybeard
Back to top
View user's profile Send private message
houqp
n00b
n00b


Joined: 22 Feb 2011
Posts: 28
Location: China

PostPosted: Wed Mar 16, 2011 3:15 pm    Post subject: Reply with quote

Thanks Goverp! I should have googled it out by myself. ;-)
Yes, I am using gentoo sources. I will try hardened source later!
Back to top
View user's profile Send private message
houqp
n00b
n00b


Joined: 22 Feb 2011
Posts: 28
Location: China

PostPosted: Wed Mar 16, 2011 4:56 pm    Post subject: Re: You may need different kernel sources Reply with quote

Goverp wrote:
Using the search in "make xconfig" gives a bit more info - like where the config options are defined - but doesn't help much.
In summary, I think you're using gentoo-sources or vanilla-sources, but you need hardened-sources. Then you can enable SELINUX or SMACK, and so forth as above.

After switch to official kernel it is now set to "y".
Actually, the dependence can be found in /usr/src/linux/security/integrity/ima/Kconfig:
Code:
config IMA_LSM_RULES
        bool
        depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
        default y
        help
          Disabling this option will disregard LSM based policy rules.


Thanks again for your help Goverp!
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum