Linux Security Modules

Author:

Casey Schaufler

Date:

July 2023

Linux security modules (LSM) provide a mechanism to implement additional access controls to the Linux security policies.

The various security modules may support any of these attributes:

LSM_ATTR_CURRENT is the current, active security context of the process. The proc filesystem provides this value in /proc/self/attr/current. This is supported by the SELinux, Smack and AppArmor security modules. Smack also provides this value in /proc/self/attr/smack/current. AppArmor also provides this value in /proc/self/attr/apparmor/current.

LSM_ATTR_EXEC is the security context of the process at the time the current image was executed. The proc filesystem provides this value in /proc/self/attr/exec. This is supported by the SELinux and AppArmor security modules. AppArmor also provides this value in /proc/self/attr/apparmor/exec.

LSM_ATTR_FSCREATE is the security context of the process used when creating file system objects. The proc filesystem provides this value in /proc/self/attr/fscreate. This is supported by the SELinux security module.

LSM_ATTR_KEYCREATE is the security context of the process used when creating key objects. The proc filesystem provides this value in /proc/self/attr/keycreate. This is supported by the SELinux security module.

LSM_ATTR_PREV is the security context of the process at the time the current security context was set. The proc filesystem provides this value in /proc/self/attr/prev. This is supported by the SELinux and AppArmor security modules. AppArmor also provides this value in /proc/self/attr/apparmor/prev.

LSM_ATTR_SOCKCREATE is the security context of the process used when creating socket objects. The proc filesystem provides this value in /proc/self/attr/sockcreate. This is supported by the SELinux security module.

Kernel interface

Set a security attribute of the current process

long sys_lsm_set_self_attr(unsigned int attr, struct lsm_ctx __user *ctx, u32 size, u32 flags)

Set current task’s security module attribute

Parameters

unsigned int attr

which attribute to set

struct lsm_ctx __user * ctx

the LSM contexts

u32 size

size of ctx

u32 flags

reserved for future use

Description

Sets the calling task’s LSM context. On success this function returns 0. If the attribute specified cannot be set a negative value indicating the reason for the error is returned.

Get the specified security attributes of the current process

long sys_lsm_get_self_attr(unsigned int attr, struct lsm_ctx __user *ctx, u32 __user *size, u32 flags)

Return current task’s security module attributes

Parameters

unsigned int attr

which attribute to return

struct lsm_ctx __user * ctx

the user-space destination for the information, or NULL

u32 __user * size

pointer to the size of space available to receive the data

u32 flags

special handling options. LSM_FLAG_SINGLE indicates that only attributes associated with the LSM identified in the passed ctx be reported.

Description

Returns the calling task’s LSM contexts. On success this function returns the number of ctx array elements. This value may be zero if there are no LSM contexts assigned. If size is insufficient to contain the return data -E2BIG is returned and size is set to the minimum required size. In all other cases a negative value indicating the error is returned.

long sys_lsm_list_modules(u64 __user *ids, u32 __user *size, u32 flags)

Return a list of the active security modules

Parameters

u64 __user * ids

the LSM module ids

u32 __user * size

pointer to size of ids, updated on return

u32 flags

reserved for future use, must be zero

Description

Returns a list of the active LSM ids. On success this function returns the number of ids array elements. This value may be zero if there are no LSMs active. If size is insufficient to contain the return data -E2BIG is returned and size is set to the minimum required size. In all other cases a negative value indicating the error is returned.

Additional documentation