1 ===========================
2 Linux Security Module Usage
3 ===========================
4
5 The Linux Security Module (LSM) framework prov
6 various security checks to be hooked by new ke
7 "module" is a bit of a misnomer since these ex
8 loadable kernel modules. Instead, they are sel
9 CONFIG_DEFAULT_SECURITY and can be overridden
10 ``"security=..."`` kernel command line argumen
11 LSMs were built into a given kernel.
12
13 The primary users of the LSM interface are Man
14 (MAC) extensions which provide a comprehensive
15 include SELinux, Smack, Tomoyo, and AppArmor.
16 MAC extensions, other extensions can be built
17 specific changes to system operation when thes
18 in the core functionality of Linux itself.
19
20 The Linux capabilities modules will always be
21 followed by any number of "minor" modules and
22 For more details on capabilities, see ``capabi
23 man-pages project.
24
25 A list of the active security modules can be f
26 ``/sys/kernel/security/lsm``. This is a comma
27 will always include the capability module. The
28 order in which checks are made. The capability
29 be first, followed by any "minor" modules (e.g
30 the one "major" module (e.g. SELinux) if there
31
32 Process attributes associated with "major" sec
33 be accessed and maintained using the special f
34 A security module may maintain a module specif
35 named after the module. ``/proc/.../attr/smack
36 security module and contains all its special f
37 in ``/proc/.../attr`` remain as legacy interfa
38 subdirectories.
39
40 .. toctree::
41 :maxdepth: 1
42
43 apparmor
44 LoadPin
45 SELinux
46 Smack
47 tomoyo
48 Yama
49 SafeSetID
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.