===========================
Linux Security Module Usage
===========================

The Linux Security Module (LSM) framework provides a mechanism for
various security checks to be hooked by new kernel extensions. The name
"module" is a bit of a misnomer since these extensions are not actually
loadable kernel modules. Instead, they are selectable at build-time via
CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
``"security=..."`` kernel command line argument, in the case where multiple
LSMs were built into a given kernel. Kernels from 5.1 onward express the
same choice as an ordered, comma-separated list in CONFIG_LSM, which the
``"lsm=..."`` boot parameter overrides; ``"security=..."`` is still honored
there for selecting the single "major" module.

The primary users of the LSM interface are Mandatory Access Control
(MAC) extensions which provide a comprehensive security policy. Examples
include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger
MAC extensions, other extensions can be built using the LSM to provide
specific changes to system operation when these tweaks are not available
in the core functionality of Linux itself.

The Linux capabilities module is always included. It may be
followed by any number of "minor" modules and at most one "major" module.
For more details on capabilities, see ``capabilities(7)`` in the Linux
man-pages project.

A list of the active security modules can be found by reading
``/sys/kernel/security/lsm`` (securityfs must be mounted for the file to
exist). This is a comma-separated list, and will always include the
capability module. The list reflects the order in which checks are made.
The capability module will always be first, followed by any "minor"
modules (e.g. Yama) and then the one "major" module (e.g. SELinux) if
there is one configured. Kernels that build in other early-ordered
modules, such as lockdown, list those ahead of capability.

Process attributes associated with "major" security modules should
be accessed and maintained using the special files in ``/proc/.../attr``.
A security module may maintain a module-specific subdirectory there,
named after the module. ``/proc/.../attr/smack`` is provided by the Smack
security module and contains all its special files. The files directly
in ``/proc/.../attr`` remain as legacy interfaces for modules that provide
subdirectories.

.. toctree::
   :maxdepth: 1

   apparmor
   LoadPin
   SELinux
   Smack
   tomoyo
   Yama
   SafeSetID
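The following program is an added example, not part of the kernel
documentation or the kernel sources. It parses the comma-separated list
that ``/sys/kernel/security/lsm`` exposes, looks up a module's position in
the check order, and verifies the layout documented above: the capability
module is present, at most one major module (``selinux``, ``smack``,
``tomoyo`` or ``apparmor``, the registered LSM names) is enabled, and that
major module comes after the minor ones. It also reads the legacy
per-process attribute file ``/proc/self/attr/current``. The sample list
is constructed; the live checks only run when the files exist. A kernel
whose CONFIG_LSM order differs from the documented layout (for example
lockdown listed first, or a minor module after the major one) is reported
as differing, not as an error, because that ordering is legitimate.

```c
/* lsm_check.c: added example, not from the kernel docs.
 * Build: cc -std=c99 -Wall -o lsm_check lsm_check.c
 */
#include <stdio.h>
#include <string.h>

#define LSM_MAX 32
#define LSM_NAME_MAX 64

struct lsm_list {
    char name[LSM_MAX][LSM_NAME_MAX];
    int count;
};

/* Registered names of the "major" (exclusive MAC) modules named on this page. */
int lsm_is_major(const char *name)
{
    return strcmp(name, "selinux") == 0 || strcmp(name, "smack") == 0 ||
           strcmp(name, "tomoyo") == 0 || strcmp(name, "apparmor") == 0;
}

/* Parse "a,b,c" (optional trailing newline) into out. Returns the count, or -1
 * on an empty field or an over-long name. */
int lsm_parse(const char *text, struct lsm_list *out)
{
    const char *p = text;
    out->count = 0;
    while (*p) {
        const char *end = p;
        while (*end && *end != ',' && *end != '\n')
            end++;
        size_t len = (size_t)(end - p);
        if (len == 0 || len >= LSM_NAME_MAX || out->count >= LSM_MAX)
            return -1;
        memcpy(out->name[out->count], p, len);
        out->name[out->count][len] = '\0';
        out->count++;
        p = (*end == ',') ? end + 1 : end;
        while (*p == '\n')          /* tolerate a trailing newline */
            p++;
    }
    return out->count;
}

/* Index of name in the check order, or -1 if it is not enabled. */
int lsm_position(const struct lsm_list *l, const char *name)
{
    for (int i = 0; i < l->count; i++)
        if (strcmp(l->name[i], name) == 0)
            return i;
    return -1;
}

/* 1 if the list matches the documented layout (capability present, at most
 * one major module, and that module last), 0 otherwise. */
int lsm_order_ok(const struct lsm_list *l)
{
    int majors = 0, major_idx = -1;
    if (lsm_position(l, "capability") < 0)
        return 0;
    for (int i = 0; i < l->count; i++)
        if (lsm_is_major(l->name[i])) {
            majors++;
            major_idx = i;
        }
    if (majors > 1)
        return 0;
    if (majors == 1 && major_idx != l->count - 1)
        return 0;
    return 1;
}

/* One-call helpers over raw file text: order check (1/0, -1 on parse error)
 * and position lookup (-1 if absent or unparsable). */
int lsm_text_order_ok(const char *text)
{
    struct lsm_list l;
    return lsm_parse(text, &l) < 0 ? -1 : lsm_order_ok(&l);
}

int lsm_text_position(const char *text, const char *name)
{
    struct lsm_list l;
    return lsm_parse(text, &l) < 0 ? -1 : lsm_position(&l, name);
}

/* Read a small sysfs/procfs file into buf (NUL-terminated). Bytes read or -1. */
long lsm_read_file(const char *path, char *buf, size_t size)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, size - 1, f);
    fclose(f);
    buf[n] = '\0';
    return (long)n;
}

int main(void)
{
    /* Constructed sample: what a kernel with Yama and AppArmor would expose. */
    const char *sample = "capability,yama,apparmor";
    char buf[256];

    printf("sample '%s': apparmor at index %d, layout %s\n", sample,
           lsm_text_position(sample, "apparmor"),
           lsm_text_order_ok(sample) == 1 ? "ok" : "differs");

    if (lsm_read_file("/sys/kernel/security/lsm", buf, sizeof buf) > 0)
        printf("live list '%s': %s\n", buf,
               lsm_text_order_ok(buf) == 1 ? "matches documented layout"
                                           : "differs from documented layout");
    if (lsm_read_file("/proc/self/attr/current", buf, sizeof buf) > 0)
        printf("/proc/self/attr/current: %s\n", buf);
    return 0;
}
```

When run on a system with securityfs mounted, the live line shows the
actual check order; the sample line always reports index 2 and "ok".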