| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame^] | 1 | =========================== |
| 2 | Linux Security Module Usage |
| 3 | =========================== |
| 4 | |
| 5 | The Linux Security Module (LSM) framework provides a mechanism for |
| 6 | various security checks to be hooked by new kernel extensions. The name |
| 7 | "module" is a bit of a misnomer since these extensions are not actually |
| 8 | loadable kernel modules. Instead, they are selectable at build-time via |
| 9 | CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the |
| 10 | ``"security=..."`` kernel command line argument, in the case where multiple |
| 11 | LSMs were built into a given kernel. |
| 12 | |
| 13 | The primary users of the LSM interface are Mandatory Access Control |
| 14 | (MAC) extensions which provide a comprehensive security policy. Examples |
| 15 | include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger |
| 16 | MAC extensions, other extensions can be built using the LSM to provide |
| 17 | specific changes to system operation when these tweaks are not available |
| 18 | in the core functionality of Linux itself. |
| 19 | |
| 20 | The Linux capabilities modules will always be included. This may be |
| 21 | followed by any number of "minor" modules and at most one "major" module. |
| 22 | For more details on capabilities, see ``capabilities(7)`` in the Linux |
| 23 | man-pages project. |
| 24 | |
| 25 | A list of the active security modules can be found by reading |
| 26 | ``/sys/kernel/security/lsm``. This is a comma separated list, and |
| 27 | will always include the capability module. The list reflects the |
| 28 | order in which checks are made. The capability module will always |
| 29 | be first, followed by any "minor" modules (e.g. Yama) and then |
| 30 | the one "major" module (e.g. SELinux) if there is one configured. |
| 31 | |
| 32 | Process attributes associated with "major" security modules should |
| 33 | be accessed and maintained using the special files in ``/proc/.../attr``. |
| 34 | A security module may maintain a module specific subdirectory there, |
| 35 | named after the module. ``/proc/.../attr/smack`` is provided by the Smack |
| 36 | security module and contains all its special files. The files directly |
| 37 | in ``/proc/.../attr`` remain as legacy interfaces for modules that provide |
| 38 | subdirectories. |
| 39 | |
| 40 | .. toctree:: |
| 41 | :maxdepth: 1 |
| 42 | |
| 43 | apparmor |
| 44 | LoadPin |
| 45 | SELinux |
| 46 | Smack |
| 47 | tomoyo |
| 48 | Yama |
| 49 | SafeSetID |