Re: [PATCH] Documentation: clarify the purpose of LSMs
From: James Morris
Date: Tue Nov 01 2011 - 19:57:10 EST
On Tue, 1 Nov 2011, Kees Cook wrote:
> Clarify the purpose of the LSM interface with some brief examples and
> pointers to additional documentation.
Please also point to the "Arjan protocol" for accepting LSMs.
http://kerneltrap.org/Linux/Documenting_Security_Module_Intent
>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> ---
> Documentation/security/00-INDEX | 2 ++
> Documentation/security/LSM.txt | 26 ++++++++++++++++++++++++++
> Documentation/security/credentials.txt | 6 +++---
> 3 files changed, 31 insertions(+), 3 deletions(-)
> create mode 100644 Documentation/security/LSM.txt
>
> diff --git a/Documentation/security/00-INDEX b/Documentation/security/00-INDEX
> index 1f33b73..eeed1de 100644
> --- a/Documentation/security/00-INDEX
> +++ b/Documentation/security/00-INDEX
> @@ -1,5 +1,7 @@
> 00-INDEX
> - this file.
> +LSM.txt
> + - description of the Linux Security Module framework.
> SELinux.txt
> - how to get started with the SELinux security enhancement.
> Smack.txt
> diff --git a/Documentation/security/LSM.txt b/Documentation/security/LSM.txt
> new file mode 100644
> index 0000000..ec93803
> --- /dev/null
> +++ b/Documentation/security/LSM.txt
> @@ -0,0 +1,26 @@
> +Linux Security Module framework
> +-------------------------------
> +
> +The Linux Security Module (LSM) framework provides a mechanism for
> +various security checks to be hooked by new kernel extensions. The name
> +"module" is a bit of a misnomer since these extensions are not actually
> +loadable kernel modules. Instead, they are selectable at build-time via
> +CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
> +"security=..." kernel command line argument, in the case where multiple
> +LSMs were built into a given kernel.
> +
> +The primary users of the LSM interface are Mandatory Access Control
> +(MAC) extensions which provide a comprehensive security policy. Examples
> +include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger
> +MAC extensions, other extensions can be built using the LSM to provide
> +specific changes to system operation when these tweaks are not available
> +in the core functionality of Linux itself.
> +
> +Without a specific LSM built into the kernel, the default LSM will be the
> +Linux capabilities system. Most LSMs choose to extend the capabilities
> +system, building their checks on top of the defined capability hooks.
> +For more details on capabilities, see capabilities(7) in the Linux
> +man-pages project.
> +
> +For extensive documentation on the available LSM hook interfaces, please
> +see include/linux/security.h.
> diff --git a/Documentation/security/credentials.txt b/Documentation/security/credentials.txt
> index fc0366c..8625705 100644
> --- a/Documentation/security/credentials.txt
> +++ b/Documentation/security/credentials.txt
> @@ -221,10 +221,10 @@ The Linux kernel supports the following types of credentials:
> (5) LSM
>
> The Linux Security Module allows extra controls to be placed over the
> - operations that a task may do. Currently Linux supports two main
> - alternate LSM options: SELinux and Smack.
> + operations that a task may do. Currently Linux supports several LSM
> + options.
>
> - Both work by labelling the objects in a system and then applying sets of
> + Some work by labelling the objects in a system and then applying sets of
> rules (policies) that say what operations a task with one label may do to
> an object with another label.
>
> --
> 1.7.5.4
>
>
> --
> Kees Cook @outflux.net
>
--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/