On Thu, 2007-01-18 at 13:50 -0500, Gene Heskett wrote: > On Thursday 18 January 2007 12:57, Stephen Smalley wrote: > >On Thu, 2007-01-18 at 12:44 -0500, Gene Heskett wrote: > >> On Thursday 18 January 2007 10:13, Lyvim Xaphir wrote: > >> >On Tue, 2007-01-16 at 01:55 -0500, Gene Heskett wrote: > >> >> I believe you will have to build a generic kernel.org kernel, > >> >> configured without that support, something I have underway right > >> >> now, using 2.6.20-rc4. I was amazed at the number of options I > >> >> found turned on that a proper 'make oldconfig' should absolutely > >> >> never have turned on. My scripts take care of everything but > >> >> grub.conf for a kernel install, so when its done all I should have > >> >> to do is reboot since I'm already running 2.6.20-rc4. Several > >> >> things I found may even account for the apparent slowness of later > >> >> kernels. Things like 15 seconds to launch firefox on an xp-2800 > >> >> athlon with a gig of ram? > >> > > >> >When you get that kernel up and running, see if you can then do > >> > without libselinux installed. > > > >Not a good idea without rebuilding your userland without selinux > >support. Even /sbin/init links against it (to load policy) and will die > >without it. > > > >> I'm not sure as I haven't tried to pull that yet. But without the > >> stuff in the kernel, the logs are being filled by cron processes > >> stuff, but the stuff, like amanda, seem to run normally. > >> > >> Lots of this sort of stuff: > >> > >> **Unmatched Entries** > >> crond[1014]: pam_loginuid(crond:session): set_loginuid failed > >> opening loginuid: 1 Time(s) > > > >That isn't selinux - that is audit-related. Depends on > >CONFIG_AUDITSYSCALL. > > If you are referring to the kernel .config, that name doesn't exist in > mine, and 'CONFIG_AUDIT is not set' and wasn't. Yes, kernel .config option. AUDITSYSCALL (system-call auditing support) depends on AUDIT (basic audit infrastructure), so you apparently have both disabled. > But I just found a few > more things turned on that are for hardware I don't have, or stuff I > don't use, so it's rebuilding again. Somehow or druther, even the board > achitecture got changed, from PC to generic oddball, way down the list. > Maybe I'll find some speed out of this thing yet. :-) -- Stephen Smalley National Security Agency
