Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 10-05-2004, 02:34 PM   #1
Registered: Sep 2004
Distribution: slack-10 / kernel-2.6.81
Posts: 43

Rep: Reputation: 15
Security kernel option: Default Linux Capabilities

I transferred to Linux so I can work on 3d graphics so I took the necessary steps to get my 3d acceleration working and all my periphirals getting detected and working to my liking. I decided to recompile the kernel so I can compile it for my cpu and I saw an option in the Security options called "Default Linux Capabilities".. I turned that ON (not knowing what it really does, but it sounded like I needed it for some reason) and then built the kernel.. Now with this new nice kernel I'm having problems connecting to other types of connection besides HTTP. For example, attempting to connect to my FTP server in my website so I can upload my artwork doesnt work anymore. I also cannot connect to GAIM or any instant messaging. And now it takes longer to connect to IRC servers such as Freenode that I usually connect to instantly..

So what I'm thinking here is that "Default Linux Capabilities" did something to my system which made it more strict, which is good.. But now I need to enable access to some of those connections i said above such as FTP, Instant Messaging, but I don't know how to do it with this new security thing.

I googled Google for default linux capabilities and all i got is a description or article about it being integrated in kernel 2.6.

I have another option which is to recompile the kernel and exclude that security option so its not built in my kernel..(but why would I do such a thing?)

If you could help me out by telling me by pointing me to the right direction as to how I can enable access to those connections or a website showing a quick and dirty way on how to configure it, that would be great.

Last edited by orgee; 10-05-2004 at 02:36 PM.
Old 10-10-2004, 08:55 AM   #2
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547
What you choose was part of the Linux Security Module framework (properly TLA'ed to LSM) which is std from kernel version 2.6.x on. If you're sure you need LIDS, SELinux, Dazuko or other security framework modules, please read up on them before activating any. If not, disable them and please check out the LQ FAQ: Security references on how to secure your box.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
security = domain option in smb.conf requires the user have an account on linux nlong1 Linux - Newbie 10 12-08-2004 02:02 PM
Multi-User Linux Capabilities Baryonic Being Linux - General 11 08-27-2004 01:18 PM
How to enable linux filesystem capabilities for kernel 2.24.18 toubo Linux - General 8 08-20-2004 11:09 AM
mysql entry in catalina.policy when using security option gschrade Linux - Software 5 03-23-2004 12:23 PM
Linux multiuser capabilities for one user? mlhammer Linux - Newbie 4 11-10-2003 10:41 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:39 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration