Linux Security Module Development
Based on https://lore.kernel.org/r/20071026073721.618b4778@laptopd505.fenrus.org, a new LSM is accepted into the kernel when its intent (a description of what it tries to protect against and in what cases one would expect to use it) has been appropriately documented in Documentation/admin-guide/LSM/. This allows an LSM's code to be easily compared to its goals, and lets end users and distros make a more informed decision about which LSMs suit their requirements.
For extensive documentation on the available LSM hook interfaces, please see include/linux/lsm_hooks.h and associated structures:

union security_list_options
Linux Security Module hook function list
Definition

    union security_list_options {
        #define LSM_HOOK(RET, DEFAULT, NAME, ...) RET (*NAME)(__VA_ARGS__);
        #include "lsm_hook_defs.h"
        #undef LSM_HOOK
    };
Members
Description
Security hooks for program execution operations.
Security hooks for mount using fs_context (see also the Filesystem Mount API documentation).
Security hooks for filesystem operations.
Security hooks for inode operations.
Security hooks for kernfs node operations.
Security hooks for file operations.
Security hooks for task operations.
Security hooks for Netlink messaging.
Security hooks for Unix domain networking.
The unix_stream_connect and unix_may_send hooks were necessary because Linux provides an alternative to the conventional file name space for Unix domain sockets. Whereas binding and connecting to sockets in the file name space is mediated by the typical file permissions (and caught by the mknod and permission hooks in inode_security_ops), binding and connecting to sockets in the abstract name space is completely unmediated. Sufficient control of Unix domain sockets in the abstract name space isn't possible using only the socket layer hooks, since we need to know the actual target socket, which is not looked up until we are inside the af_unix code.
Security hooks for socket operations.
Security hooks for SCTP.
Security hooks for Infiniband.
Security hooks for XFRM operations.
Security hooks affecting all Key Management operations.
Security hooks affecting all System V IPC operations.
Security hooks for individual messages held in System V IPC message queues.
Security hooks for System V IPC Message Queues.
Security hooks for System V Shared Memory Segments.
Security hooks for System V Semaphores.
Security hooks for Audit.
Security hooks for the general notification queue.
Security hooks for using the eBPF maps and programs functionalities through eBPF syscalls.
Security hooks for perf events.
Security hooks for io_uring.
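The union definition above is an X-macro: lsm_hook_defs.h lists every hook once as LSM_HOOK(RET, DEFAULT, NAME, args...), and the kernel redefines LSM_HOOK before each include to generate the union of function pointers, the default return values and other tables from that single list. The following userland model is an added example, not kernel code and not part of this document; it reproduces that construction with a constructed two-hook list (TOY_HOOK_DEFS, standing in for lsm_hook_defs.h) and shows how stacked LSMs are consulted. The names security_add_hooks, security_hook_list, call_int_hook and DEFINE_LSM are real kernel identifiers that the model imitates in simplified form; hook_id, hook_default, security_file_open, toylsm and auditlsm are assumptions of this example only, and the real kernel keeps per-hook lists rather than one flat array.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for include/linux/lsm_hook_defs.h: two toy hooks with
 * simplified argument lists (the real hooks take kernel structs). */
#define TOY_HOOK_DEFS \
    LSM_HOOK(int, 0, file_open, const char *path, int write) \
    LSM_HOOK(int, 0, task_kill, int pid, int sig)

/* Expansion 1: the union of function pointers, built the same way
 * security_list_options is built in lsm_hooks.h. */
union security_list_options {
#define LSM_HOOK(RET, DEFAULT, NAME, ...) RET (*NAME)(__VA_ARGS__);
    TOY_HOOK_DEFS
#undef LSM_HOOK
};

/* Expansion 2: one id per hook, used to index the registration table. */
enum hook_id {
#define LSM_HOOK(RET, DEFAULT, NAME, ...) HOOK_##NAME,
    TOY_HOOK_DEFS
#undef LSM_HOOK
    HOOK_COUNT
};

/* Expansion 3: the DEFAULT column, returned when no LSM implements a hook. */
static const int hook_default[HOOK_COUNT] = {
#define LSM_HOOK(RET, DEFAULT, NAME, ...) [HOOK_##NAME] = DEFAULT,
    TOY_HOOK_DEFS
#undef LSM_HOOK
};

/* A registered hook: which hook plus the callback (cf. security_hook_list). */
struct security_hook_list {
    enum hook_id id;
    union security_list_options hook;
};

#define MAX_HOOKS 16
static struct security_hook_list registered[MAX_HOOKS];
static int nr_registered;

/* Model of security_add_hooks(): append an LSM's hooks in load order. */
static void security_add_hooks(const struct security_hook_list *hooks, int n)
{
    for (int i = 0; i < n && nr_registered < MAX_HOOKS; i++)
        registered[nr_registered++] = hooks[i];
}

/* Dispatcher for file_open, modelled on the kernel's call_int_hook(): stacked
 * LSMs run in registration order, the first non-zero result (a denial)
 * short-circuits the rest, and an unimplemented hook yields its DEFAULT. */
static int security_file_open(const char *path, int write)
{
    int rc = hook_default[HOOK_file_open];
    for (int i = 0; i < nr_registered; i++) {
        if (registered[i].id != HOOK_file_open)
            continue;
        rc = registered[i].hook.file_open(path, write);
        if (rc != 0)
            break;
    }
    return rc;
}

/* Toy LSM "toylsm": deny opening anything under /protected/ for writing. */
static int toylsm_file_open(const char *path, int write)
{
    return (write && strncmp(path, "/protected/", 11) == 0) ? -EACCES : 0;
}

/* Toy LSM "auditlsm": observe only, never deny; its counter shows that a
 * later LSM in the stack runs only when the earlier ones allowed. */
static int audit_calls;
static int auditlsm_file_open(const char *path, int write)
{
    (void)path; (void)write;
    audit_calls++;
    return 0;
}

static const struct security_hook_list toylsm_hooks[] = {
    { HOOK_file_open, { .file_open = toylsm_file_open } } };
static const struct security_hook_list auditlsm_hooks[] = {
    { HOOK_file_open, { .file_open = auditlsm_file_open } } };

int main(void)
{
    /* The kernel registers each LSM at boot via DEFINE_LSM; here it is done by hand. */
    security_add_hooks(toylsm_hooks, 1);
    security_add_hooks(auditlsm_hooks, 1);
    printf("write /protected/x -> %d (-EACCES)\n", security_file_open("/protected/x", 1));
    printf("read  /protected/x -> %d\n", security_file_open("/protected/x", 0));
    printf("write /tmp/x       -> %d\n", security_file_open("/tmp/x", 1));
    printf("auditlsm ran %d times (skipped on the denied open)\n", audit_calls);
    return 0;
}
```

The DEFAULT column matters for a new LSM author: a hook the module does not implement is simply absent from its security_hook_list array, and the framework returns the default for it, so an LSM must only register the hooks relevant to the intent documented under Documentation/admin-guide/LSM/. The short-circuit in the dispatcher is also why a denying LSM earlier in the stack hides the event from later observe-only modules.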