[ubuntu-hardened] Re: [ANN] vSecurity policy work (aka dapper & breezy de-rooting)

>> At least, we can still work on the policy and avoid 
>> wasting time ;). cap_over from upstream works fine
>> on kernels up to 2.6.14 (mainline tested)
Is cap_over policy enforcement enabled by default in 
the most recent cvs? I know it is not in the previous
cvs release I have laying around /home and if not,
could you commit it?


>> Policy work involves researching on the default
>> setuid binaries in dapper and breezy, and creating
>> policies for each one of them. You just need the
>> policy loader and cap_over LSM.
cap_over is merged with vSecurity, but you need the
cap_over LSM? Forgive my ignorance, but that sounds
like I need to compile && modprobe cap_over. I am
guessing this is incorrect, but I would like to clear
things up first.