===========================
Linux Security Module Usage
===========================

The Linux Security Module (LSM) framework provides a mechanism for
various security checks to be hooked by new kernel extensions. The name
"module" is a bit of a misnomer since these extensions are not actually
loadable kernel modules. Instead, they are selectable at build-time via
CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
``"security=..."`` kernel command line argument, in the case where multiple
LSMs were built into a given kernel.

The primary users of the LSM interface are Mandatory Access Control
(MAC) extensions which provide a comprehensive security policy. Examples
include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger
MAC extensions, other extensions can be built using the LSM to provide
specific changes to system operation when these tweaks are not available
in the core functionality of Linux itself.

The Linux capabilities module will always be included. This may be
followed by any number of "minor" modules and at most one "major" module.
For more details on capabilities, see ``capabilities(7)`` in the Linux
man-pages project.

A list of the active security modules can be found by reading
``/sys/kernel/security/lsm``. This is a comma-separated list, and
will always include the capability module. The list reflects the
order in which checks are made. The capability module will always
be first, followed by any "minor" modules (e.g. Yama) and then
the one "major" module (e.g. SELinux) if there is one configured.
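
As an added example (not part of the kernel documentation), the following POSIX shell check splits a list in the format of ``/sys/kernel/security/lsm`` and verifies the ordering rules stated above: ``capability`` first, then any "minor" modules, then at most one "major" module. Which names count as "major" is an assumption taken from the MAC examples in the text, and the sample lists are constructed.

```shell
#!/bin/sh
# Added example, not part of the kernel documentation. Checks a comma-separated
# LSM list (the format of /sys/kernel/security/lsm) against the ordering rules
# described in the text: capability first, then minor modules, then at most one
# major module.

# Assumption: the names treated as "major" (MAC) modules are the examples given
# in the text; every other name except capability is treated as "minor".
MAJOR_LSMS="selinux smack tomoyo apparmor"

is_major() {
    for m in $MAJOR_LSMS; do
        [ "$1" = "$m" ] && return 0
    done
    return 1
}

# lsm_check LIST
# Prints "major=<name|none> minor=<names|none>" and returns 0 if LIST obeys
# the rules; otherwise prints the violated rule and returns 1.
lsm_check() {
    # Split the comma-separated list into positional parameters.
    set -- $(printf '%s' "$1" | tr ',' ' ')
    [ "$1" = "capability" ] || { echo "error: capability is not first"; return 1; }
    shift
    major=none
    minor=
    for name; do
        if is_major "$name"; then
            [ "$major" = none ] || {
                echo "error: more than one major module ($major, $name)"; return 1; }
            major=$name
        else
            minor="${minor:+$minor }$name"
        fi
    done
    echo "major=$major minor=${minor:-none}"
}

# Constructed sample lists (not read from a real system):
lsm_check "capability,yama,selinux"          # major=selinux minor=yama
lsm_check "yama,selinux" || true             # error: capability is not first

# On a real system, check the live list (securityfs must be mounted):
if [ -r /sys/kernel/security/lsm ]; then
    lsm_check "$(cat /sys/kernel/security/lsm)" || true
fi
```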

Process attributes associated with "major" security modules should
be accessed and maintained using the special files in ``/proc/.../attr``.
A security module may maintain a module-specific subdirectory there,
named after the module. ``/proc/.../attr/smack`` is provided by the Smack
security module and contains all its special files. The files directly
in ``/proc/.../attr`` remain as legacy interfaces for modules that provide
subdirectories.

.. toctree::
   :maxdepth: 1

   apparmor
   LoadPin
   SELinux
   Smack
   tomoyo
   Yama