Howto compile my own module into the kernel
Post 302504978 by fpmurphy on Tuesday 15th of March 2011 10:06:47 PM
Quote:
The bad thing about it is: The function to set the hook to the LSM is not exported.
What distribution and version are you on? Which specific function is not exported?

LSM has a pretty complete abstraction layer to allow different security modules to be safely loaded and unloaded without messing with the kernel directly. Look at struct security_operations in /include/linux/security.h to see the huge number of function pointers available to you.
 

netlabelctl(8)                 NetLabel Documentation                 netlabelctl(8)

NAME
       netlabelctl - NetLabel management utility

SYNOPSIS
       netlabelctl [<global_flags>] <module> [<module_commands>]

DESCRIPTION
       The NetLabel management utility, netlabelctl, is a command line program
       designed to allow system administrators to configure the NetLabel system
       in the kernel. The utility is based around different "modules" which
       correspond to the different types of NetLabel commands supported by the
       kernel.

OPTIONS
   Global Flags
       -h     Help message

       -p     Attempt to make the output human readable or "pretty"

       -t <seconds>
              Set a timeout to be used when waiting for the NetLabel subsystem
              to respond

       -v     Enable extra output

       -V     Display the version information

   Modules and Commands
       mgmt
       The management module is used to perform general queries about the
       NetLabel subsystem within the kernel. The different commands and their
       syntax are listed below.

       version
              Display the kernel's NetLabel management protocol version.

       protocols
              Display the kernel's list of supported labeling protocols.

       map
       The domain mapping module is used to map different NetLabel labeling
       protocols to either individual LSM domains or the default domain mapping.
       It is up to each LSM to determine what defines a domain. With SELinux,
       the normal SELinux domain should be used, i.e. "ping_t". In addition to
       protocol selection based only on the LSM domain, it is also possible to
       select the labeling protocol based on both the LSM domain and destination
       address. The network address selectors can specify either single hosts or
       entire networks and work for both IPv4 and IPv6, although the labeling
       protocol chosen must support the IP version chosen.

       When specifying the labeling protocol to use for each mapping there is an
       optional "extra" field which is used to further identify the specific
       labeling protocol configuration. When specifying the unlabeled protocol,
       "unlbl", there is no extra identification needed. When specifying the
       CIPSO/IPv4 protocol, "cipsov4", the DOI value should be specified; see
       the EXAMPLES section for details. The different commands and their syntax
       are listed below.

       add default|domain:<domain> [address:<ADDR>[/<MASK>]] protocol:<protocol>[,<extra>]
              Add a new LSM domain / network address to NetLabel protocol
              mapping.

       del default|domain:<domain>
              Delete an existing LSM domain to NetLabel protocol mapping.

       list   Display all of the configured LSM domain to NetLabel protocol
              mappings.

       unlbl
       The unlabeled (unlbl) module controls the unlabeled protocol which is
       used both when labeling outgoing traffic is not desired as well as when
       unlabeled traffic is received by the system. This module allows
       administrators to block all unlabeled packets from the system through the
       "accept" flag and assign static, or fallback, security labels to
       unlabeled traffic based on the inbound network interface and source
       address.

       accept on|off
              Toggle the unlabeled traffic accept flag.

       add default|interface:<dev> address:<addr>[/<mask>] label:<label>
              Add a new static/fallback entry.

       del default|interface:<dev> address:<addr>[/<mask>]
              Delete an existing static/fallback entry.

       list   Display the status of the unlabeled accept flag.

       cipsov4
       The CIPSO/IPv4 (cipsov4) module controls the CIPSO/IPv4 labeling engine
       in the kernel. The CIPSO/IPv4 engine provided by NetLabel supports
       multiple Domains Of Interpretation (DOI) and the CIPSO/IPv4 module allows
       for different configurations for each DOI. At present there are three
       types of configurations: the "trans" configuration, which allows
       on-the-fly translation of MLS sensitivity labels; the "pass"
       configuration, which does not perform any translation of the MLS
       sensitivity label; and the "local" configuration, which conveys the full
       LSM security label over localhost/loopback connections. Regardless of
       which configuration type is chosen a DOI value must be specified, and if
       the "trans" or "pass" configurations are specified then a list of the
       CIPSO/IPv4 tag types to use when generating the CIPSO/IPv4 packet labels
       must also be specified. The list of CIPSO/IPv4 tags is ordered such that
       when possible the first tag type listed is used when a CIPSO/IPv4 label
       is generated. However, if it is not possible to use the first tag type
       then each tag type is checked, in order, until a suitable tag type is
       found. If a valid tag type can not be found then the operation causing
       the CIPSO/IPv4 label will fail; typically this occurs whenever a new
       socket is created. The different commands and their syntax are listed
       below.

       add trans doi:<DOI> tags:<T1>,<Tn> levels:<LL1>=<RL1>,<LLn>=<RLn> categories:<LC1>=<RC1>,<LCn>=<RCn>
              Add a new CIPSO/IPv4 configuration using the standard/translated
              mapping with the given level and category translations. The
              levels are translated in such a way that the local level "LLn" is
              translated to the remote, on-the-wire level of "RLn"; the reverse
              translation is done for incoming packets. The same translation is
              done for the categories using "LCn" and "RCn". In order for a
              packet to be accepted, or a socket created by an application,
              there must be a translation for the sensitivity level and all the
              categories present in the MLS sensitivity label; if the entire
              requested sensitivity label can not be translated the application
              will fail.

       add pass doi:<DOI> tags:<T1>,<Tn>
              Add a new CIPSO/IPv4 configuration without any level or category
              translations.

       add local doi:<DOI>
              Add a new CIPSO/IPv4 configuration for localhost/loopback
              connections.

       del doi:<DOI>
              Delete an existing CIPSO/IPv4 configuration with the given DOI
              value. If any LSM domain mappings are present which make use of
              this DOI they will also be deleted.

       list [doi:<DOI>]
              Display a list of all the CIPSO/IPv4 configurations or just the
              configuration matching the optionally specified DOI.

EXIT STATUS
       Returns zero on success, errno values on failure.

EXAMPLES
       netlabelctl cipsov4 add pass doi:16 tags:1
              Add a CIPSO/IPv4 configuration with a DOI value of "16", using
              CIPSO tag "1" (the permissive bitmap tag). The CIPSO and LSM
              levels/categories are passed through the NetLabel subsystem
              without any translation.

       netlabelctl cipsov4 add trans doi:8 tags:1 levels:0=0,1=1 categories:0=1,1=0
              Add a CIPSO/IPv4 configuration with a DOI value of "8", using
              CIPSO tag "1" (the permissive bitmap tag). The specified mapping
              converts local LSM levels "0" and "1" to CIPSO levels "0" and "1"
              respectively while local LSM categories "0" and "1" are mapped to
              CIPSO categories "1" and "0" respectively.

       netlabelctl -p cipsov4 list
              Display all of the CIPSO/IPv4 configurations in a human readable
              format.

       netlabelctl -p cipsov4 list doi:16
              Display specific information about the CIPSO/IPv4 DOI 16
              configuration.

       netlabelctl cipsov4 del doi:8
              Delete the CIPSO/IPv4 configuration assigned to DOI 8. In
              addition to removing the CIPSO/IPv4 configuration any domain
              mappings using this configuration will also be removed.

       netlabelctl map add domain:lsm_domain protocol:cipsov4,8
              Add a domain mapping so that all outgoing packets sent from the
              "lsm_domain" will be labeled according to the CIPSO/IPv4 protocol
              using DOI 8.

       netlabelctl map add domain:lsm_domain address:192.168.1.0/24 protocol:cipsov4,8
              Add a mapping so that all outgoing packets sent from the
              "lsm_domain" to the 192.168.1.0/24 network will be labeled
              according to the CIPSO/IPv4 protocol using DOI 8.

       netlabelctl -p map list
              Display all of the domain mappings in a human readable format.

       netlabelctl map del domain:lsm_domain
              Delete the domain mapping for the "lsm_domain"; packets sent from
              the "lsm_domain" will fall back to the default NetLabel mapping.

       netlabelctl unlbl add interface:lo address:::1 label:foo
              Add a static/fallback label to assign the "foo" security label to
              unlabeled packets entering the system over the "lo" (loopback)
              interface with an IPv6 source address of "::1" (localhost).

       netlabelctl unlbl add default address:192.168.0.0/16 label:bar
              Add a static/fallback label to assign the "bar" security label to
              unlabeled packets entering the system over any interface with an
              IPv4 source address in the 192.168.0.0/16 network.

NOTES
       The NetLabel subsystem is supported on Linux Kernels version 2.6.19 and
       later. The static, or fallback, labels are only supported on Linux
       Kernels version 2.6.25 and later. The domain mapping address selectors
       are only supported on Linux Kernels 2.6.28 and later.

       The NetLabel project site, with more information including the source
       code repository, can be found at http://netlabel.sf.net. This program is
       currently under development; please report any bugs at the project site
       or directly to the author.

AUTHOR
       Paul Moore <paul@paul-moore.com>

SEE ALSO
       netlabel-config(8)

paul@paul-moore.com                  31 May 2013                  netlabelctl(8)
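The level and category translation described for "cipsov4 add trans" can be modelled offline before a mapping is loaded. The following is an added example, not code from the NetLabel project or the kernel; the names parse_pairs and TransDoi are hypothetical, and the requirement that remote values be unique is an assumption of this model so that the reverse (incoming) table is well defined.

```python
"""Illustrative model of the "cipsov4 add trans" translation tables."""


def parse_pairs(spec):
    """Parse a levels:/categories: argument such as "0=0,1=1" into {local: remote}."""
    table = {}
    for item in spec.split(","):
        local, sep, remote = item.partition("=")
        if not sep or not local.isdigit() or not remote.isdigit():
            raise ValueError(f"bad translation entry: {item!r}")
        if int(local) in table:
            raise ValueError(f"local value {local} mapped twice")
        table[int(local)] = int(remote)
    # Model assumption: incoming packets use the reverse table, so remote
    # values must be unique as well.
    if len(set(table.values())) != len(table):
        raise ValueError("two local values share one remote value")
    return table


class TransDoi:
    """One translated DOI: forward tables for sending, reverse for receiving."""

    def __init__(self, doi, levels, categories):
        self.doi = doi
        self.lvl_out = parse_pairs(levels)
        self.cat_out = parse_pairs(categories)
        self.lvl_in = {r: l for l, r in self.lvl_out.items()}
        self.cat_in = {r: l for l, r in self.cat_out.items()}

    @staticmethod
    def _translate(level, cats, lvl_tab, cat_tab):
        # The whole label must translate: the level and every category.
        if level not in lvl_tab:
            raise LookupError(f"no translation for level {level}")
        missing = sorted(c for c in cats if c not in cat_tab)
        if missing:
            raise LookupError(f"no translation for categories {missing}")
        return lvl_tab[level], frozenset(cat_tab[c] for c in cats)

    def outbound(self, level, cats):
        """Local LSM level/categories -> on-the-wire CIPSO level/categories."""
        return self._translate(level, cats, self.lvl_out, self.cat_out)

    def inbound(self, level, cats):
        """On-the-wire CIPSO level/categories -> local LSM level/categories."""
        return self._translate(level, cats, self.lvl_in, self.cat_in)
```

With the DOI 8 mapping from the EXAMPLES section, `TransDoi(8, "0=0,1=1", "0=1,1=0").outbound(1, {0})` gives level 1 with category 1 on the wire, while a label carrying category 2 raises LookupError because that category has no translation.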