LSM Capabilities Module

The LSM kernel patch moves most of the existing POSIX.1e capabilities logic into an optional security module stored in the file security/capability.c. This change allows users who do not want to use capabilities to omit this code entirely from their kernel, instead using the dummy module for traditional superuser logic or any other module that they desire. This change also allows the developers of the capabilities logic to maintain and enhance their code more freely, without needing to integrate patches back into the base kernel.

In addition to moving the capabilities logic, the LSM kernel patch could move the capability-related fields from the kernel data structures into the new security fields managed by the security modules. However, at present, the LSM kernel patch leaves the capability fields in the kernel data structures. In his original remarks, Linus suggested that this might be preferable so that other security modules can be easily stacked with the capabilities module without needing to chain multiple security structures on the security field. It also avoids imposing extra overhead on the capabilities module to manage the security fields. However, the LSM framework could certainly support such a move if it is determined to be desirable, with only a few additional changes described below.
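To make the dispatch described above concrete, here is an added userspace model (not kernel code, and not part of the LSM patch): the base kernel calls a single hook, and whether the answer comes from traditional superuser logic (the dummy module) or from the POSIX.1e bits (the capabilities module) depends only on which hook table was registered. The struct names, the 32-bit capability set and the demo() helper are simplifications chosen for the example.

```c
/* Added example: a userspace model of the LSM "capable" hook dispatch.
 * It is not kernel code; task, security_ops and both modules are stand-ins. */
#include <stdint.h>
#include <errno.h>

/* Real capability numbers from <linux/capability.h>. */
#define CAP_CHOWN            0
#define CAP_NET_BIND_SERVICE 10
#define CAP_SYS_ADMIN        21

/* Model of the fields the kernel keeps in task_struct: the patch leaves
 * the capability bits here rather than in the new security field. */
struct task {
    unsigned int euid;
    uint32_t cap_effective;   /* one bit per capability */
};

/* Model of the hook table a security module registers. */
struct security_ops {
    int (*capable)(struct task *tsk, int cap);
};

/* Dummy module: traditional superuser logic, ignores the capability bits. */
static int dummy_capable(struct task *tsk, int cap)
{
    (void)cap;
    return tsk->euid == 0 ? 0 : -EPERM;
}

/* Capabilities module: honours the POSIX.1e bits, ignores the uid. */
static int cap_capable(struct task *tsk, int cap)
{
    return (tsk->cap_effective & (1u << cap)) ? 0 : -EPERM;
}

static struct security_ops dummy_ops      = { .capable = dummy_capable };
static struct security_ops capability_ops = { .capable = cap_capable };
static struct security_ops *security_ops  = &dummy_ops;

/* register_security() model: the loaded module supplies the whole table. */
static void register_security(struct security_ops *ops) { security_ops = ops; }

/* What base-kernel code calls; it never inspects cap_effective itself. */
static int security_capable(struct task *tsk, int cap)
{
    return security_ops->capable(tsk, cap);
}

/* Same task state, different answer depending on which module is loaded. */
static int demo(struct security_ops *ops, unsigned int euid, uint32_t caps, int cap)
{
    struct task t = { .euid = euid, .cap_effective = caps };
    register_security(ops);
    return security_capable(&t, cap);   /* 0 = allowed, -EPERM = denied */
}
```

With the dummy module a uid-0 task passes every check and a non-root task fails all of them regardless of its bits; with the capabilities module only the raised bits matter.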

At present, the capabilities logic for computing process capabilities on execve and set*uid, checking capabilities for a particular process, saving and checking capabilities for netlink messages, and handling the capget and capset system calls has been moved into the capabilities module. There are still a few locations in the base kernel where capability-related fields are directly examined or modified, but the current version of the LSM patch does allow a security module to completely replace the assignment and testing of capabilities. These few locations would need to be changed if the capability-related fields were moved into the security field. The following is a list of known locations that still perform such direct examination or modification of capability-related fields: