===========================
Linux Security Module Usage
===========================

The Linux Security Module (LSM) framework provides a mechanism for
various security checks to be hooked by new kernel extensions. The name
"module" is a bit of a misnomer since these extensions are not actually
loadable kernel modules. Instead, they are selectable at build-time via
CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
``"security=..."`` kernel command line argument, in the case where multiple
LSMs were built into a given kernel.

The primary users of the LSM interface are Mandatory Access Control
(MAC) extensions which provide a comprehensive security policy. Examples
include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger
MAC extensions, other extensions can be built using the LSM to provide
specific changes to system operation when these tweaks are not available
in the core functionality of Linux itself.

The Linux capabilities module will always be included. This may be
followed by any number of "minor" modules and at most one "major" module.
For more details on capabilities, see ``capabilities(7)`` in the Linux
man-pages project.

A list of the active security modules can be found by reading
``/sys/kernel/security/lsm``. This is a comma separated list, and
will always include the capability module. The list reflects the
order in which checks are made. The capability module will always
be first, followed by any "minor" modules (e.g. Yama) and then
the one "major" module (e.g. SELinux) if there is one configured.

Process attributes associated with "major" security modules should
be accessed and maintained using the special files in ``/proc/.../attr``.
A security module may maintain a module specific subdirectory there,
named after the module. ``/proc/.../attr/smack`` is provided by the Smack
security module and contains all its special files. The files directly
in ``/proc/.../attr`` remain as legacy interfaces for modules that provide
subdirectories.

.. toctree::
   :maxdepth: 1

   apparmor
   LoadPin
   SELinux
   Smack
   tomoyo
   Yama
   SafeSetID
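The following is an added example, not part of the kernel documentation or of any LSM's own code. It parses the comma separated list from ``/sys/kernel/security/lsm``, checks the ordering invariants stated above (capability first, then minor modules, then at most one major module), and builds the ``/proc/<pid>/attr`` path for a module that keeps its own subdirectory versus the legacy flat layout. The ``MAJOR`` and ``MINOR`` sets are assumptions drawn from this page: the four MAC modules it names as major, Yama as its minor example, plus LoadPin and SafeSetID from the table of contents, which are minor modules. The sample list strings in the test are constructed, so the audit runs without a real sysfs.

```python
"""Audit the active LSM list exposed by the kernel (added example)."""
from pathlib import Path

LSM_PATH = Path("/sys/kernel/security/lsm")

# Assumed classification: the page names these four as MAC ("major") modules.
MAJOR = {"selinux", "smack", "tomoyo", "apparmor"}
# Yama is the page's minor example; loadpin and safesetid are the other
# minor modules listed in this section's table of contents.
MINOR = {"yama", "loadpin", "safesetid"}
KNOWN = MAJOR | MINOR | {"capability"}


def parse_lsm_list(text):
    """Turn the sysfs content (a comma separated line) into an ordered list."""
    return [name for name in text.strip().split(",") if name]


def audit_lsm_list(modules):
    """Check the ordering rules described in the documentation.

    Returns a dict with the single major module (or None), the minor
    modules in check order, any names this example does not classify,
    and a list of human-readable invariant violations.
    """
    problems = []
    if not modules or modules[0] != "capability":
        problems.append("capability is not the first module")

    majors = [m for m in modules if m in MAJOR]
    if len(majors) > 1:
        problems.append("more than one major module active: " + ",".join(majors))

    minors = [m for m in modules if m in MINOR]
    if majors:
        # Minor modules run before the major one; anything after it is odd.
        after_major = modules[modules.index(majors[0]) + 1:]
        late = [m for m in after_major if m in MINOR]
        if late:
            problems.append("minor modules listed after the major module: " + ",".join(late))

    unknown = [m for m in modules if m not in KNOWN]
    return {
        "major": majors[0] if majors else None,
        "minor": minors,
        "unknown": unknown,
        "problems": problems,
    }


def active_lsms(path=LSM_PATH):
    """Read and parse the live list; raises FileNotFoundError if securityfs is absent."""
    return parse_lsm_list(Path(path).read_text())


def proc_attr_path(pid, module=None, name="current"):
    """Build the per-process attribute path.

    Modules that provide a subdirectory (e.g. Smack) are read under
    /proc/<pid>/attr/<module>/<name>; the flat /proc/<pid>/attr/<name>
    files are the legacy interface. "self" is accepted as a pid.
    """
    base = Path("/proc") / str(pid) / "attr"
    return base / module / name if module else base / name


if __name__ == "__main__":
    try:
        modules = active_lsms()
    except FileNotFoundError:
        print("securityfs not mounted or /sys/kernel/security/lsm missing")
    else:
        result = audit_lsm_list(modules)
        print("active:", ",".join(modules))
        print("major:", result["major"], "minor:", result["minor"])
        for problem in result["problems"]:
            print("WARNING:", problem)
        if result["major"]:
            print("label file:", proc_attr_path("self", result["major"]))
```

Running the script on a machine with securityfs mounted prints the active list and flags a list that violates the documented ordering; on a host without securityfs it reports that instead of failing.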