[PATCH v2] Documentation: clarify the purpose of LSMs

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH v2] Documentation: clarify the purpose of LSMs
@ 2011-11-02  0:20 Kees Cook
  2011-11-16  1:41 ` James Morris
  0 siblings, 1 reply; 2+ messages in thread
From: Kees Cook @ 2011-11-02  0:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: James Morris, linux-security-module, linux-doc

Clarify the purpose of the LSM interface with some brief examples and
pointers to additional documentation.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
v2:
    - based on feedback from James Morris, added reference to
      http://kerneltrap.org/Linux/Documenting_Security_Module_Intent

 Documentation/security/00-INDEX        |    2 +
 Documentation/security/LSM.txt         |   34 ++++++++++++++++++++++++++++++++
 Documentation/security/credentials.txt |    6 ++--
 3 files changed, 39 insertions(+), 3 deletions(-)
 create mode 100644 Documentation/security/LSM.txt

diff --git a/Documentation/security/00-INDEX b/Documentation/security/00-INDEX
index 1f33b73..eeed1de 100644
--- a/Documentation/security/00-INDEX
+++ b/Documentation/security/00-INDEX
@@ -1,5 +1,7 @@
 00-INDEX
 	- this file.
+LSM.txt
+	- description of the Linux Security Module framework.
 SELinux.txt
 	- how to get started with the SELinux security enhancement.
 Smack.txt
diff --git a/Documentation/security/LSM.txt b/Documentation/security/LSM.txt
new file mode 100644
index 0000000..7245316
--- /dev/null
+++ b/Documentation/security/LSM.txt
@@ -0,0 +1,34 @@
+Linux Security Module framework
+-------------------------------
+
+The Linux Security Module (LSM) framework provides a mechanism for
+various security checks to be hooked by new kernel extensions. The name
+"module" is a bit of a misnomer since these extensions are not actually
+loadable kernel modules. Instead, they are selectable at build-time via
+CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
+"security=..." kernel command line argument, in the case where multiple
+LSMs were built into a given kernel.
+
+The primary users of the LSM interface are Mandatory Access Control
+(MAC) extensions which provide a comprehensive security policy. Examples
+include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger
+MAC extensions, other extensions can be built using the LSM to provide
+specific changes to system operation when these tweaks are not available
+in the core functionality of Linux itself.
+
+Without a specific LSM built into the kernel, the default LSM will be the
+Linux capabilities system. Most LSMs choose to extend the capabilities
+system, building their checks on top of the defined capability hooks.
+For more details on capabilities, see capabilities(7) in the Linux
+man-pages project.
+
+Based on http://kerneltrap.org/Linux/Documenting_Security_Module_Intent,
+a new LSM is accepted into the kernel when its intent (a description of
+what it tries to protect against and in what cases one would expect to
+use it) has been appropriately documented in Documentation/security/.
+This allows an LSM's code to be easily compared to its goals, and so
+that end users and distros can make a more informed decision about which
+LSMs suit their requirements.
+
+For extensive documentation on the available LSM hook interfaces, please
+see include/linux/security.h.
diff --git a/Documentation/security/credentials.txt b/Documentation/security/credentials.txt
index fc0366c..8625705 100644
--- a/Documentation/security/credentials.txt
+++ b/Documentation/security/credentials.txt
@@ -221,10 +221,10 @@ The Linux kernel supports the following types of credentials:
  (5) LSM
 
      The Linux Security Module allows extra controls to be placed over the
-     operations that a task may do.  Currently Linux supports two main
-     alternate LSM options: SELinux and Smack.
+     operations that a task may do.  Currently Linux supports several LSM
+     options.
 
-     Both work by labelling the objects in a system and then applying sets of
+     Some work by labelling the objects in a system and then applying sets of
      rules (policies) that say what operations a task with one label may do to
      an object with another label.
 
-- 
1.7.5.4


-- 
Kees Cook                                            @outflux.net

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH v2] Documentation: clarify the purpose of LSMs
  2011-11-02  0:20 [PATCH v2] Documentation: clarify the purpose of LSMs Kees Cook
@ 2011-11-16  1:41 ` James Morris
  0 siblings, 0 replies; 2+ messages in thread
From: James Morris @ 2011-11-16  1:41 UTC (permalink / raw)
  To: Kees Cook; +Cc: linux-kernel, linux-security-module, linux-doc

On Tue, 1 Nov 2011, Kees Cook wrote:

> Clarify the purpose of the LSM interface with some brief examples and
> pointers to additional documentation.
> 
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> v2:
>     - based on feedback from James Morris, added reference to
>       http://kerneltrap.org/Linux/Documenting_Security_Module_Intent
> 

Applied to
git://selinuxproject.org/~jmorris/linux-security next

-- 
James Morris
<jmorris@namei.org>

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2011-11-16  1:41 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-11-02  0:20 [PATCH v2] Documentation: clarify the purpose of LSMs Kees Cook
2011-11-16  1:41 ` James Morris

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox