2017-05-13 11:51:43 +00:00
|
|
|
===========================
|
|
|
|
Linux Security Module Usage
|
|
|
|
===========================
|
2011-11-02 00:20:01 +00:00
|
|
|
|
|
|
|
The Linux Security Module (LSM) framework provides a mechanism for
|
|
|
|
various security checks to be hooked by new kernel extensions. The name
|
|
|
|
"module" is a bit of a misnomer since these extensions are not actually
|
|
|
|
loadable kernel modules. Instead, they are selectable at build-time via
|
|
|
|
CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
|
2017-05-13 11:51:43 +00:00
|
|
|
``"security=..."`` kernel command line argument, in the case where multiple
|
2011-11-02 00:20:01 +00:00
|
|
|
LSMs were built into a given kernel.
|
|
|
|
|
|
|
|
The primary users of the LSM interface are Mandatory Access Control
|
|
|
|
(MAC) extensions which provide a comprehensive security policy. Examples
|
|
|
|
include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger
|
|
|
|
MAC extensions, other extensions can be built using the LSM to provide
|
|
|
|
specific changes to system operation when these tweaks are not available
|
|
|
|
in the core functionality of Linux itself.
|
|
|
|
|
2018-09-22 00:16:59 +00:00
|
|
|
The Linux capabilities modules will always be included. This may be
|
|
|
|
followed by any number of "minor" modules and at most one "major" module.
|
2017-05-13 11:51:43 +00:00
|
|
|
For more details on capabilities, see ``capabilities(7)`` in the Linux
|
2011-11-02 00:20:01 +00:00
|
|
|
man-pages project.
|
|
|
|
|
2017-01-19 01:09:05 +00:00
|
|
|
A list of the active security modules can be found by reading
|
2017-05-13 11:51:43 +00:00
|
|
|
``/sys/kernel/security/lsm``. This is a comma separated list, and
|
2017-01-19 01:09:05 +00:00
|
|
|
will always include the capability module. The list reflects the
|
|
|
|
order in which checks are made. The capability module will always
|
|
|
|
be first, followed by any "minor" modules (e.g. Yama) and then
|
|
|
|
the one "major" module (e.g. SELinux) if there is one configured.
|
2017-05-13 11:51:44 +00:00
|
|
|
|
2018-09-22 00:16:59 +00:00
|
|
|
Process attributes associated with "major" security modules should
|
|
|
|
be accessed and maintained using the special files in ``/proc/.../attr``.
|
|
|
|
A security module may maintain a module specific subdirectory there,
|
|
|
|
named after the module. ``/proc/.../attr/smack`` is provided by the Smack
|
|
|
|
security module and contains all its special files. The files directly
|
|
|
|
in ``/proc/.../attr`` remain as legacy interfaces for modules that provide
|
|
|
|
subdirectories.
|
|
|
|
|
2017-05-13 11:51:44 +00:00
|
|
|
.. toctree::
|
|
|
|
:maxdepth: 1
|
|
|
|
|
2017-05-13 11:51:45 +00:00
|
|
|
apparmor
|
2017-05-13 11:51:48 +00:00
|
|
|
LoadPin
|
2017-05-13 11:51:44 +00:00
|
|
|
SELinux
|
2017-05-13 11:51:49 +00:00
|
|
|
Smack
|
2017-05-13 11:51:46 +00:00
|
|
|
tomoyo
|
2017-05-13 11:51:47 +00:00
|
|
|
Yama
|
2019-01-16 15:46:06 +00:00
|
|
|
SafeSetID
|