[linux-2.6-block.git] / Documentation / admin-guide / LSM / index.rst

===========================
Linux Security Module Usage
===========================

The Linux Security Module (LSM) framework provides a mechanism for
various security checks to be hooked by new kernel extensions. The name
"module" is a bit of a misnomer since these extensions are not actually
loadable kernel modules. Instead, they are selectable at build-time via
CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
``"security=..."`` kernel command line argument, in the case where multiple
LSMs were built into a given kernel.

The primary users of the LSM interface are Mandatory Access Control
(MAC) extensions which provide a comprehensive security policy. Examples
include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger
MAC extensions, other extensions can be built using the LSM to provide
specific changes to system operation when these tweaks are not available
in the core functionality of Linux itself.

The Linux capabilities modules will always be included. This may be
followed by any number of "minor" modules and at most one "major" module.
For more details on capabilities, see ``capabilities(7)`` in the Linux
man-pages project.

A list of the active security modules can be found by reading
``/sys/kernel/security/lsm``. This is a comma separated list, and
will always include the capability module. The list reflects the
order in which checks are made. The capability module will always
be first, followed by any "minor" modules (e.g. Yama) and then
the one "major" module (e.g. SELinux) if there is one configured.

Process attributes associated with "major" security modules should
be accessed and maintained using the special files in ``/proc/.../attr``.
A security module may maintain a module specific subdirectory there,
named after the module. ``/proc/.../attr/smack`` is provided by the Smack
security module and contains all its special files. The files directly
in ``/proc/.../attr`` remain as legacy interfaces for modules that provide
subdirectories.

.. toctree::
   :maxdepth: 1

   apparmor
   LoadPin
   SELinux
   Smack
   tomoyo
   Yama
Commit	Line	Data
504f231c KC	1	===========================
	2	Linux Security Module Usage
	3	===========================
e163bc8e KC	4
	5	The Linux Security Module (LSM) framework provides a mechanism for
	6	various security checks to be hooked by new kernel extensions. The name
	7	"module" is a bit of a misnomer since these extensions are not actually
	8	loadable kernel modules. Instead, they are selectable at build-time via
	9	CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
504f231c	10	``"security=..."`` kernel command line argument, in the case where multiple
e163bc8e KC	11	LSMs were built into a given kernel.
	12
	13	The primary users of the LSM interface are Mandatory Access Control
	14	(MAC) extensions which provide a comprehensive security policy. Examples
	15	include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger
	16	MAC extensions, other extensions can be built using the LSM to provide
	17	specific changes to system operation when these tweaks are not available
	18	in the core functionality of Linux itself.
	19
6d9c939d CS	20	The Linux capabilities modules will always be included. This may be
6d9c939d CS	21	followed by any number of "minor" modules and at most one "major" module.
504f231c	22	For more details on capabilities, see ``capabilities(7)`` in the Linux
e163bc8e KC	23	man-pages project.
e163bc8e KC	24
d69dece5	25	A list of the active security modules can be found by reading
504f231c	26	``/sys/kernel/security/lsm``. This is a comma separated list, and
d69dece5 CS	27	will always include the capability module. The list reflects the
	28	order in which checks are made. The capability module will always
	29	be first, followed by any "minor" modules (e.g. Yama) and then
	30	the one "major" module (e.g. SELinux) if there is one configured.
229fd05c	31
6d9c939d CS	32	Process attributes associated with "major" security modules should
	33	be accessed and maintained using the special files in ``/proc/.../attr``.
	34	A security module may maintain a module specific subdirectory there,
	35	named after the module. ``/proc/.../attr/smack`` is provided by the Smack
	36	security module and contains all its special files. The files directly
	37	in ``/proc/.../attr`` remain as legacy interfaces for modules that provide
	38	subdirectories.
	39
229fd05c KC	40	.. toctree::
	41	:maxdepth: 1
	42
26fccd9e	43	apparmor
30da4f77	44	LoadPin
229fd05c	45	SELinux
a5606ced	46	Smack
5ea672c7	47	tomoyo
90bb7664	48	Yama