summaryrefslogtreecommitdiffstats
path: root/Documentation/admin-guide/LSM
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2017-05-13 13:51:43 +0200
committerJonathan Corbet <corbet@lwn.net>2017-05-18 18:31:24 +0200
commit504f231cda569b5e4e48d81a35376641552a5092 (patch)
tree13d929f787804f6181b65df225e74d70ff1e9e22 /Documentation/admin-guide/LSM
parentdoc: security: minor cleanups to build kernel-doc (diff)
downloadlinux-504f231cda569b5e4e48d81a35376641552a5092.tar.xz
linux-504f231cda569b5e4e48d81a35376641552a5092.zip
doc: ReSTify and split LSM.txt
The existing LSM.txt file covered both usage and development, so split this into two files, one under admin-guide and one under kernel development. Cc: James Morris <james.l.morris@oracle.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Diffstat (limited to 'Documentation/admin-guide/LSM')
-rw-r--r--Documentation/admin-guide/LSM/index.rst31
1 files changed, 31 insertions, 0 deletions
diff --git a/Documentation/admin-guide/LSM/index.rst b/Documentation/admin-guide/LSM/index.rst
new file mode 100644
index 000000000000..7e892b9b58aa
--- /dev/null
+++ b/Documentation/admin-guide/LSM/index.rst
@@ -0,0 +1,31 @@
+===========================
+Linux Security Module Usage
+===========================
+
+The Linux Security Module (LSM) framework provides a mechanism for
+various security checks to be hooked by new kernel extensions. The name
+"module" is a bit of a misnomer since these extensions are not actually
+loadable kernel modules. Instead, they are selectable at build-time via
+CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
+``"security=..."`` kernel command line argument, in the case where multiple
+LSMs were built into a given kernel.
+
+The primary users of the LSM interface are Mandatory Access Control
+(MAC) extensions which provide a comprehensive security policy. Examples
+include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger
+MAC extensions, other extensions can be built using the LSM to provide
+specific changes to system operation when these tweaks are not available
+in the core functionality of Linux itself.
+
+Without a specific LSM built into the kernel, the default LSM will be the
+Linux capabilities system. Most LSMs choose to extend the capabilities
+system, building their checks on top of the defined capability hooks.
+For more details on capabilities, see ``capabilities(7)`` in the Linux
+man-pages project.
+
+A list of the active security modules can be found by reading
+``/sys/kernel/security/lsm``. This is a comma separated list, and
+will always include the capability module. The list reflects the
+order in which checks are made. The capability module will always
+be first, followed by any "minor" modules (e.g. Yama) and then
+the one "major" module (e.g. SELinux) if there is one configured.