Linux Security Modules
- Author:
Casey Schaufler
- Date:
July 2023
Linux security modules (LSM) provide a mechanism to implement additional access controls to the Linux security policies.
The various security modules may support any of these attributes:
LSM_ATTR_CURRENT is the current, active security context of the process. The proc filesystem provides this value in /proc/self/attr/current. This is supported by the SELinux, Smack and AppArmor security modules. Smack also provides this value in /proc/self/attr/smack/current. AppArmor also provides this value in /proc/self/attr/apparmor/current.
LSM_ATTR_EXEC is the security context of the process at the time the current image was executed. The proc filesystem provides this value in /proc/self/attr/exec. This is supported by the SELinux and AppArmor security modules. AppArmor also provides this value in /proc/self/attr/apparmor/exec.
LSM_ATTR_FSCREATE is the security context of the process used when creating file system objects. The proc filesystem provides this value in /proc/self/attr/fscreate. This is supported by the SELinux security module.
LSM_ATTR_KEYCREATE is the security context of the process used when creating key objects. The proc filesystem provides this value in /proc/self/attr/keycreate. This is supported by the SELinux security module.
LSM_ATTR_PREV is the security context of the process at the time the current security context was set. The proc filesystem provides this value in /proc/self/attr/prev. This is supported by the SELinux and AppArmor security modules. AppArmor also provides this value in /proc/self/attr/apparmor/prev.
LSM_ATTR_SOCKCREATE is the security context of the process used when creating socket objects. The proc filesystem provides this value in /proc/self/attr/sockcreate. This is supported by the SELinux security module.
Kernel interface
Set a security attribute of the current process
- long sys_lsm_set_self_attr(unsigned int attr, struct lsm_ctx __user *ctx, u32 size, u32 flags)
Set current task's security module attribute
Parameters
- unsigned int attr: which attribute to set
- struct lsm_ctx __user *ctx: the LSM context to apply
- u32 size: size of ctx in bytes
- u32 flags: reserved for future use, must be zero
Description
Sets the calling task's LSM context. On success this function returns 0. If the attribute specified cannot be set, a negative value indicating the reason for the error is returned.
Get the specified security attributes of the current process
- long sys_lsm_get_self_attr(unsigned int attr, struct lsm_ctx __user *ctx, u32 __user *size, u32 flags)
Return current task's security module attributes
Parameters
- unsigned int attr: which attribute to return
- struct lsm_ctx __user *ctx: the user-space destination for the information, or NULL
- u32 __user *size: pointer to the size of space available to receive the data
- u32 flags: special handling options. LSM_FLAG_SINGLE indicates that only attributes associated with the LSM identified in the passed ctx are to be reported.
Description
Returns the calling task's LSM contexts. On success this function returns the number of ctx array elements. This value may be zero if there are no LSM contexts assigned. If size is insufficient to contain the return data, -E2BIG is returned and size is set to the minimum required size. In all other cases a negative value indicating the error is returned. The entries are variable length and packed back to back: each struct lsm_ctx records the total size of its own entry in its len field, so user space must step through the array by len rather than by sizeof(struct lsm_ctx). Passing a NULL ctx with size set to 0 is the usual way to learn the required size before allocating.
- long sys_lsm_list_modules(u64 __user *ids, u32 __user *size, u32 flags)
Return a list of the active security modules
Parameters
- u64 __user *ids: the LSM module ids
- u32 __user *size: pointer to size of ids, updated on return
- u32 flags: reserved for future use, must be zero
Description
Returns a list of the active LSM ids. On success this function returns the number of ids array elements. This value may be zero if there are no LSMs active. If size is insufficient to contain the return data, -E2BIG is returned and size is set to the minimum required size. In all other cases a negative value indicating the error is returned.
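The three system calls above, as an added example that is not part of the kernel documentation or the kernel's own code: it lists the active LSM ids, probes lsm_get_self_attr for the size it needs, fetches LSM_ATTR_CURRENT and walks the packed lsm_ctx array with every length field checked against the buffer before it is trusted. The struct layout and LSM_ID_*/LSM_ATTR_* values mirror include/uapi/linux/lsm.h, and the syscall numbers 459-461 are the unified table used by x86-64 and the other architectures since Linux 6.8; they are defined locally so the file builds on older headers. The helper names lsm_ctx_build, lsm_ctx_walk and lsm_get_self_attr_alloc, and the labels used to exercise them, are this example's own. lsm_set_self_attr is represented only by the builder that produces its input, since actually changing a label needs permission from the module's policy.

```c
/* Added example, not kernel code: call lsm_list_modules(2) and
 * lsm_get_self_attr(2) and decode the lsm_ctx array they hand back.
 * Constants and the struct layout mirror include/uapi/linux/lsm.h and
 * the unified syscall table (Linux 6.8+); defined here so old headers work. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define LSM_ID_SELINUX   101
#define LSM_ID_APPARMOR  104
#define LSM_ATTR_CURRENT 100
#ifndef __NR_lsm_get_self_attr
#define __NR_lsm_get_self_attr 459
#define __NR_lsm_set_self_attr 460
#define __NR_lsm_list_modules  461
#endif

struct lsm_ctx {		/* entries are packed back to back in the buffer */
	uint64_t id;		/* LSM_ID_* that owns this context */
	uint64_t flags;		/* module specific, currently zero */
	uint64_t len;		/* bytes in this entry: header + ctx + padding */
	uint64_t ctx_len;	/* meaningful bytes of ctx[] */
	uint8_t ctx[];
};
struct lsm_label { uint64_t id; char text[256]; };

/* Build one entry (the input format of lsm_set_self_attr(2)) for id/label, NUL
 * included as SELinux and AppArmor do, padded to 8 bytes as the kernel pads.
 * Returns the entry length, or 0 if out is too small. */
static size_t lsm_ctx_build(uint64_t id, const char *label, uint8_t *out, size_t cap)
{
	struct lsm_ctx hdr = { .id = id, .ctx_len = strlen(label) + 1 };

	hdr.len = (sizeof(hdr) + hdr.ctx_len + 7) & ~(size_t)7;
	if (hdr.len > cap)
		return 0;
	memset(out, 0, hdr.len);
	memcpy(out, &hdr, sizeof(hdr));
	memcpy(out + sizeof(hdr), label, hdr.ctx_len);
	return hdr.len;
}

/* Decode count entries from buf, checking every length against buf_len before
 * trusting it. Stores up to max labels, NUL-terminated (ctx[] need not be).
 * Returns the number of entries walked, or -1 if the buffer is malformed. */
static int lsm_ctx_walk(const uint8_t *buf, size_t buf_len, int count,
			struct lsm_label *out, int max)
{
	struct lsm_ctx hdr;
	size_t off = 0, c;
	int n;

	for (n = 0; n < count; n++) {
		if (buf_len - off < sizeof(hdr))
			return -1;	/* truncated header */
		memcpy(&hdr, buf + off, sizeof(hdr));
		if (hdr.len < sizeof(hdr) || hdr.len > buf_len - off ||
		    hdr.ctx_len > hdr.len - sizeof(hdr))
			return -1;	/* length fields do not fit the buffer */
		if (n < max) {
			c = hdr.ctx_len < sizeof(out->text) ? hdr.ctx_len : sizeof(out->text) - 1;
			out[n].id = hdr.id;
			memcpy(out[n].text, buf + off + sizeof(hdr), c);
			out[n].text[c] = '\0';
		}
		off += hdr.len;		/* next entry starts after this one's len */
	}
	return n;
}

/* Probe with size 0 (the kernel answers -E2BIG and stores the size needed),
 * allocate, fetch. Returns the entry count or -errno; caller frees *buf. */
static int lsm_get_self_attr_alloc(unsigned int attr, uint8_t **buf, uint32_t *size)
{
	*size = 0;
	long rc = syscall(__NR_lsm_get_self_attr, attr, NULL, size, 0);

	if (rc < 0 && errno != E2BIG)
		return -errno;
	if (!(*buf = malloc(*size ? *size : 1)))
		return -ENOMEM;
	rc = syscall(__NR_lsm_get_self_attr, attr, *buf, size, 0);
	if (rc >= 0)
		return (int)rc;
	free(*buf);
	*buf = NULL;
	return -errno;
}

int main(void)
{
	uint64_t ids[16];		/* more than the kernel can ever report */
	uint32_t size = sizeof(ids);
	struct lsm_label lab[8];
	uint8_t *buf;
	long i, n = syscall(__NR_lsm_list_modules, ids, &size, 0);

	if (n < 0) { perror("lsm_list_modules"); return 1; }
	for (i = 0; i < n; i++)
		printf("active LSM id %llu\n", (unsigned long long)ids[i]);
	n = lsm_get_self_attr_alloc(LSM_ATTR_CURRENT, &buf, &size);
	if (n < 0) { fprintf(stderr, "lsm_get_self_attr: %s\n", strerror((int)-n)); return 1; }
	n = lsm_ctx_walk(buf, size, (int)n, lab, 8);
	for (i = 0; i < n && i < 8; i++)
		printf("LSM %llu current=%s\n", (unsigned long long)lab[i].id, lab[i].text);
	free(buf);
	return n < 0;
}
```

Build with cc and run on a 6.8 or later kernel; on an older kernel the first syscall() fails with ENOSYS. To restrict the query to one module, fill a struct lsm_ctx header with that module's id, pass it as ctx with LSM_FLAG_SINGLE, and keep that header (not NULL) for the sizing probe, since the kernel rejects the flag without a ctx to read the id from.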