doc: ReSTify and split LSM.txt
The existing LSM.txt file covered both usage and development, so split this into two files, one under admin-guide and one under kernel development. Cc: James Morris <james.l.morris@oracle.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net>zero-colors
parent
f00f85a8b2
commit
504f231cda
|
@ -1,12 +1,13 @@
|
||||||
Linux Security Module framework
|
===========================
|
||||||
-------------------------------
|
Linux Security Module Usage
|
||||||
|
===========================
|
||||||
|
|
||||||
The Linux Security Module (LSM) framework provides a mechanism for
|
The Linux Security Module (LSM) framework provides a mechanism for
|
||||||
various security checks to be hooked by new kernel extensions. The name
|
various security checks to be hooked by new kernel extensions. The name
|
||||||
"module" is a bit of a misnomer since these extensions are not actually
|
"module" is a bit of a misnomer since these extensions are not actually
|
||||||
loadable kernel modules. Instead, they are selectable at build-time via
|
loadable kernel modules. Instead, they are selectable at build-time via
|
||||||
CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
|
CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
|
||||||
"security=..." kernel command line argument, in the case where multiple
|
``"security=..."`` kernel command line argument, in the case where multiple
|
||||||
LSMs were built into a given kernel.
|
LSMs were built into a given kernel.
|
||||||
|
|
||||||
The primary users of the LSM interface are Mandatory Access Control
|
The primary users of the LSM interface are Mandatory Access Control
|
||||||
|
@ -19,23 +20,12 @@ in the core functionality of Linux itself.
|
||||||
Without a specific LSM built into the kernel, the default LSM will be the
|
Without a specific LSM built into the kernel, the default LSM will be the
|
||||||
Linux capabilities system. Most LSMs choose to extend the capabilities
|
Linux capabilities system. Most LSMs choose to extend the capabilities
|
||||||
system, building their checks on top of the defined capability hooks.
|
system, building their checks on top of the defined capability hooks.
|
||||||
For more details on capabilities, see capabilities(7) in the Linux
|
For more details on capabilities, see ``capabilities(7)`` in the Linux
|
||||||
man-pages project.
|
man-pages project.
|
||||||
|
|
||||||
A list of the active security modules can be found by reading
|
A list of the active security modules can be found by reading
|
||||||
/sys/kernel/security/lsm. This is a comma separated list, and
|
``/sys/kernel/security/lsm``. This is a comma separated list, and
|
||||||
will always include the capability module. The list reflects the
|
will always include the capability module. The list reflects the
|
||||||
order in which checks are made. The capability module will always
|
order in which checks are made. The capability module will always
|
||||||
be first, followed by any "minor" modules (e.g. Yama) and then
|
be first, followed by any "minor" modules (e.g. Yama) and then
|
||||||
the one "major" module (e.g. SELinux) if there is one configured.
|
the one "major" module (e.g. SELinux) if there is one configured.
|
||||||
|
|
||||||
Based on https://lkml.org/lkml/2007/10/26/215,
|
|
||||||
a new LSM is accepted into the kernel when its intent (a description of
|
|
||||||
what it tries to protect against and in what cases one would expect to
|
|
||||||
use it) has been appropriately documented in Documentation/security/.
|
|
||||||
This allows an LSM's code to be easily compared to its goals, and so
|
|
||||||
that end users and distros can make a more informed decision about which
|
|
||||||
LSMs suit their requirements.
|
|
||||||
|
|
||||||
For extensive documentation on the available LSM hook interfaces, please
|
|
||||||
see include/linux/security.h.
|
|
|
@ -61,6 +61,7 @@ configure specific aspects of kernel behavior to your liking.
|
||||||
java
|
java
|
||||||
ras
|
ras
|
||||||
pm/index
|
pm/index
|
||||||
|
LSM/index
|
||||||
|
|
||||||
.. only:: subproject and html
|
.. only:: subproject and html
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
00-INDEX
|
00-INDEX
|
||||||
- this file.
|
- this file.
|
||||||
LSM.txt
|
|
||||||
- description of the Linux Security Module framework.
|
|
||||||
SELinux.txt
|
SELinux.txt
|
||||||
- how to get started with the SELinux security enhancement.
|
- how to get started with the SELinux security enhancement.
|
||||||
Smack.txt
|
Smack.txt
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
=================================
|
||||||
|
Linux Security Module Development
|
||||||
|
=================================
|
||||||
|
|
||||||
|
Based on https://lkml.org/lkml/2007/10/26/215,
|
||||||
|
a new LSM is accepted into the kernel when its intent (a description of
|
||||||
|
what it tries to protect against and in what cases one would expect to
|
||||||
|
use it) has been appropriately documented in ``Documentation/security/LSM``.
|
||||||
|
This allows an LSM's code to be easily compared to its goals, and so
|
||||||
|
that end users and distros can make a more informed decision about which
|
||||||
|
LSMs suit their requirements.
|
||||||
|
|
||||||
|
For extensive documentation on the available LSM hook interfaces, please
|
||||||
|
see ``include/linux/lsm_hooks.h``.
|
|
@ -7,5 +7,6 @@ Security Documentation
|
||||||
|
|
||||||
credentials
|
credentials
|
||||||
IMA-templates
|
IMA-templates
|
||||||
|
LSM
|
||||||
self-protection
|
self-protection
|
||||||
tpm/index
|
tpm/index
|
||||||
|
|
Loading…
Reference in New Issue