Linux Security Modules

Author: Casey Schaufler
Date: July 2023
Linux security modules (LSM) provide a mechanism to implement additional access controls to the Linux security policies.
The various security modules may support any of these attributes:
LSM_ATTR_CURRENT
    is the current, active security context of the process.
    The proc filesystem provides this value in /proc/self/attr/current.
    This is supported by the SELinux, Smack and AppArmor security modules.
    Smack also provides this value in /proc/self/attr/smack/current.
    AppArmor also provides this value in /proc/self/attr/apparmor/current.

LSM_ATTR_EXEC
    is the security context of the process at the time the current image was executed.
    The proc filesystem provides this value in /proc/self/attr/exec.
    This is supported by the SELinux and AppArmor security modules.
    AppArmor also provides this value in /proc/self/attr/apparmor/exec.

LSM_ATTR_FSCREATE
    is the security context of the process used when creating file system objects.
    The proc filesystem provides this value in /proc/self/attr/fscreate.
    This is supported by the SELinux security module.

LSM_ATTR_KEYCREATE
    is the security context of the process used when creating key objects.
    The proc filesystem provides this value in /proc/self/attr/keycreate.
    This is supported by the SELinux security module.

LSM_ATTR_PREV
    is the security context of the process at the time the current security context was set.
    The proc filesystem provides this value in /proc/self/attr/prev.
    This is supported by the SELinux and AppArmor security modules.
    AppArmor also provides this value in /proc/self/attr/apparmor/prev.

LSM_ATTR_SOCKCREATE
    is the security context of the process used when creating socket objects.
    The proc filesystem provides this value in /proc/self/attr/sockcreate.
    This is supported by the SELinux security module.
Kernel interface

Set a security attribute of the current process

long sys_lsm_set_self_attr(unsigned int attr, struct lsm_ctx __user *ctx, u32 size, u32 flags)

    Set current task's security module attribute

    Parameters

        unsigned int attr
            which attribute to set
        struct lsm_ctx __user *ctx
            the LSM contexts
        u32 size
            size of ctx
        u32 flags
            reserved for future use

    Description

        Sets the calling task's LSM context. On success this function returns 0. If the attribute specified cannot be set, a negative value indicating the reason for the error is returned.
Get the specified security attributes of the current process

long sys_lsm_get_self_attr(unsigned int attr, struct lsm_ctx __user *ctx, u32 __user *size, u32 flags)

    Return current task's security module attributes

    Parameters

        unsigned int attr
            which attribute to return
        struct lsm_ctx __user *ctx
            the user-space destination for the information, or NULL
        u32 __user *size
            pointer to the size of space available to receive the data
        u32 flags
            special handling options. LSM_FLAG_SINGLE indicates that only attributes associated with the LSM identified in the passed ctx be reported.

    Description

        Returns the calling task's LSM contexts. On success this function returns the number of ctx array elements. This value may be zero if there are no LSM contexts assigned. If size is insufficient to contain the return data, -E2BIG is returned and size is set to the minimum required size. In all other cases a negative value indicating the error is returned.
long sys_lsm_list_modules(u64 __user *ids, u32 __user *size, u32 flags)

    Return a list of the active security modules

    Parameters

        u64 __user *ids
            the LSM module ids
        u32 __user *size
            pointer to size of ids, updated on return
        u32 flags
            reserved for future use, must be zero

    Description

        Returns a list of the active LSM ids. On success this function returns the number of ids array elements. This value may be zero if there are no LSMs active. If size is insufficient to contain the return data, -E2BIG is returned and size is set to the minimum required size. In all other cases a negative value indicating the error is returned.
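The size/-E2BIG protocol that lsm_get_self_attr() and lsm_list_modules() share, as an added example that is not part of the kernel documentation: C code that asks lsm_get_self_attr() for LSM_ATTR_CURRENT, regrows the buffer when the kernel answers -E2BIG, and walks the returned lsm_ctx entries by their len field rather than by ctx_len. The syscall number (459), the value of LSM_ATTR_CURRENT (100) and the struct lsm_ctx layout are assumed from <linux/lsm.h> in Linux 6.8 and later, which this page does not reproduce, and the buffer in walk_constructed_sample() is constructed, not kernel output.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Values from <linux/lsm.h> (Linux 6.8+), repeated here so this builds against older headers. */
#ifndef __NR_lsm_get_self_attr
#define __NR_lsm_get_self_attr 459
#endif
#define LSM_ATTR_CURRENT 100
struct lsm_ctx {             /* same layout as struct lsm_ctx in <linux/lsm.h> */
    uint64_t id, flags;      /* LSM_ID_* of the producing module; LSM-specific flags (zero today) */
    uint64_t len, ctx_len;   /* len: whole padded entry, step by this; ctx_len: bytes of ctx[] used */
    uint8_t  ctx[];          /* the context string itself */
};
/* Visit up to count entries in buf[0..size), stepping by each entry's len; stop at a bad length and return entries walked. */
static int walk_lsm_ctx(const void *buf, size_t size, int count,
                        void (*visit)(const struct lsm_ctx *))
{
    const uint8_t *p = buf, *end = p + size; int seen = 0;
    while (seen < count && (size_t)(end - p) >= sizeof(struct lsm_ctx)) {
        const struct lsm_ctx *c = (const struct lsm_ctx *)p;
        if (c->len < sizeof(*c) + c->ctx_len || c->len > (uint64_t)(end - p))
            break;           /* malformed length: never read past what the kernel wrote */
        if (visit) visit(c); p += c->len; seen++;
    }
    return seen;
}
/* Fetch LSM_ATTR_CURRENT for all active LSMs; on -E2BIG size holds the minimum required size, so regrow and retry. Returns count or -errno. */
static int get_self_attr_current(void **out, uint32_t *out_size)
{
    uint32_t size = 64; void *buf = NULL, *nb;
    for (;;) {
        if (!(nb = realloc(buf, size))) { free(buf); return -ENOMEM; } buf = nb;
        long n = syscall(__NR_lsm_get_self_attr, LSM_ATTR_CURRENT, buf, &size, 0);
        if (n >= 0) { *out = buf; *out_size = size; return (int)n; }
        if (errno != E2BIG) { int e = errno; free(buf); return -e; }
    }
}
/* Constructed sample, not kernel output: two entries ("abc", "x"), each padded to 40 bytes; size 80 walks both, 60 stops after one, 39 walks none. */
static int walk_constructed_sample(size_t size)
{
    uint64_t raw[10] = {0};  /* 80 zeroed, 8-byte aligned bytes */
    struct lsm_ctx *a = (struct lsm_ctx *)raw, *b = (struct lsm_ctx *)&raw[5];
    a->id = 1; a->len = 40; a->ctx_len = 4; memcpy(a->ctx, "abc", 4);
    b->id = 2; b->len = 40; b->ctx_len = 2; memcpy(b->ctx, "x", 2);
    return walk_lsm_ctx(raw, size, 2, NULL);
}
```

On a kernel without these syscalls get_self_attr_current() returns -ENOSYS; the bounds checks in walk_lsm_ctx() matter because the kernel sets size to the bytes it actually wrote, so a caller must never trust ctx_len alone to step through the array.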
Additional documentation
Documentation/security/lsm.rst
Documentation/security/lsm-development.rst