# lidsadm -I
INIT
open: No such file or directory
lidsadm: cannot open /sys/kernel/security/lids/locks
reason:: No such file or directory



Whats happening?

It looks like lids requires patches to the kernel. I can't find a package with lidsadm in Debian (nor anything with "lids" in its name), so I don't know if there's a Debian kernel with the hacks or if you'll need to roll your own. Both possibilities are covered by these articles.

_________________

/* TODO: need to add signature to posts */

I've patched the kernel source,compiled and installed it.

Are you sure that you're running it? You selected pvgrub in the linode manager and confirmed that you're running your custom-compiled kernel? Merely installing the kernel is insufficient.

Yes,also used "uname -a" to confirm.

I like Debian,but it seems that LIDS don't,LOL.

zgrep -i lids /proc/config.gz
dmesg | grep -i lids

You sure you have compiled it statically and not as a module (or
have it specified in /etc/modules)?

_________________
rsk, providing useless advice on the Internet since 2005.

# zgrep -i lids /proc/config.gz
CONFIG_LIDS=y
CONFIG_LIDS_NO_FLOOD_LOG=y
CONFIG_LIDS_ALLOW_SWITCH=y
CONFIG_LIDS_ALLOW_LFS=y
CONFIG_LIDS_RESTRICT_MODE_SWITCH=y
CONFIG_LIDS_MODE_SWITCH_CONSOLE=y
CONFIG_LIDS_MODE_SWITCH_SERIAL=y
CONFIG_LIDS_MODE_SWITCH_PTY=y
CONFIG_LIDS_NF_MARK=y
CONFIG_LIDS_TPE=y
CONFIG_LIDS_TDE=y
CONFIG_CAP_LIDS_SANDBOX_EFF_SET=y
CONFIG_LIDS_SHRINK_SIZE=y
CONFIG_LIDS_DEBUG=y






# dmesg | grep -i lids
LIDS: Initializing...
Failure registering LIDS with the kernel

This sure sounds bad... you sure the patch is meant for thie kernel version, that you have all the prereqs if any (does LIDS depend on grsec? Sorry, I don't use any of these hardening stuffs...)...

Got the basic security framework and securityfs enabled? Do you have any install docs there, and did you read them? (can't find a thing on their website... >.<)

_________________
rsk, providing useless advice on the Internet since 2005.

Yes.I googled but found no solution.

Okay, okay.
dmesg | grep -A15 'LIDS:.*Initializing'
There may be lines without LIDS prefix between the initialize and the failure message....

_________________
rsk, providing useless advice on the Internet since 2005.

This is above my pay grade, but all of the Google hits I found were quite old, but they all specified the need to use a vanilla kernel, and that the lids patch wouldn't work if other hardening patches were installed.

_________________
--
Chris Bryant

Thanks to everyone who replys this topic.



:/usr/src/linux# dmesg | grep -A15 'LIDS:.*Initializing'
LIDS: Initializing...
Failure registering LIDS with the kernel
Mount-cache hash table entries: 512
CPU: L1 I cache: 32K, L1 D cache: 32K
CPU: L2 cache: 256K
CPU: L3 cache: 8192K
CPU: Unsupported number of siblings 16
Performance Events: unsupported p6 CPU model 26 no PMU driver, software events only.
Freeing SMP alternatives: 25k freed
cpu 0 spinlock event irq 1
installing Xen timer for CPU 1
cpu 1 spinlock event irq 7
Initializing CPU#1
CPU: L1 I cache: 32K, L1 D cache: 32K
CPU: L2 cache: 256K
CPU: L3 cache: 8192K

Yeah, well... no additional info between the two linds-related lines... Tried asking in LIDS-related mailing lists?

_________________
rsk, providing useless advice on the Internet since 2005.

OK,let me try,thanks a lot.