summaryrefslogtreecommitdiffstats
path: root/Documentation/security/LSM.txt
diff options
context:
space:
mode:
authorKees Cook <kees@outflux.net>2011-11-02 01:20:01 +0100
committerJames Morris <jmorris@namei.org>2011-11-16 02:37:27 +0100
commite163bc8e4a0cd1cdffadb58253f7651201722d56 (patch)
tree66570af9c0304cf53350e8e67c67e407e92ee12f /Documentation/security/LSM.txt
parentinclude/linux/security.h: fix security_inode_init_security() arg (diff)
downloadlinux-e163bc8e4a0cd1cdffadb58253f7651201722d56.tar.xz
linux-e163bc8e4a0cd1cdffadb58253f7651201722d56.zip
Documentation: clarify the purpose of LSMs
Clarify the purpose of the LSM interface with some brief examples and pointers to additional documentation. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'Documentation/security/LSM.txt')
-rw-r--r--Documentation/security/LSM.txt34
1 files changed, 34 insertions, 0 deletions
diff --git a/Documentation/security/LSM.txt b/Documentation/security/LSM.txt
new file mode 100644
index 000000000000..c335a763a2ed
--- /dev/null
+++ b/Documentation/security/LSM.txt
@@ -0,0 +1,34 @@
+Linux Security Module framework
+-------------------------------
+
+The Linux Security Module (LSM) framework provides a mechanism for
+various security checks to be hooked by new kernel extensions. The name
+"module" is a bit of a misnomer since these extensions are not actually
+loadable kernel modules. Instead, they are selectable at build-time via
+CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
+"security=..." kernel command line argument, in the case where multiple
+LSMs were built into a given kernel.
+
+The primary users of the LSM interface are Mandatory Access Control
+(MAC) extensions which provide a comprehensive security policy. Examples
+include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger
+MAC extensions, other extensions can be built using the LSM to provide
+specific changes to system operation when these tweaks are not available
+in the core functionality of Linux itself.
+
+Without a specific LSM built into the kernel, the default LSM will be the
+Linux capabilities system. Most LSMs choose to extend the capabilities
+system, building their checks on top of the defined capability hooks.
+For more details on capabilities, see capabilities(7) in the Linux
+man-pages project.
+
+Based on http://kerneltrap.org/Linux/Documenting_Security_Module_Intent,
+a new LSM is accepted into the kernel when its intent (a description of
+what it tries to protect against and in what cases one would expect to
+use it) has been appropriately documented in Documentation/security/.
+This allows an LSM's code to be easily compared to its goals, and so
+that end users and distros can make a more informed decision about which
+LSMs suit their requirements.
+
+For extensive documentation on the available LSM hook interfaces, please
+see include/linux/security.h.