7

Is there a way to find out if, and if so which, Linux LSM (apparmor, selinux, grsecurity) is used by the kernel?

To be more specific, let's assume I am a legitimate root user of the machine.

If the information is available, it would also be nice to know: with regard to the question, is there a difference between the machine being (a) a local computer, (b) a dedicated server and (c) a virtual server ("vServer")?

update

I know that I could, for instance, install the user-space tools (on Debian, for instance, `apt-get install apparmor`) and check if they yield results related to the specific LSM. So for apparmor I could run `sudo apparmor_status`, which would then, for instance, yield `apparmor module is not loaded.`, which helps me rule out that option. Yet I was looking for a more general approach covering most/all LSMs.

update2

I have discovered the path `/sys/kernel/security`. Maybe this is helpful in finding an answer?

humanityANDpeace

2 Answers

6

Yes, you can check `/sys/kernel/security` to see what's available.

See also `dmesg` or `/proc/cmdline` for boot settings.

If your config.gz is available, then

zgrep CONFIG_SECURITY /proc/config.gz

else

grep CONFIG_SECURITY /boot/config-`uname -r`
  • Thank you for the answer! Good to get confirmation on `/sys/kernel/security/`. The other options have been quite interesting as well. .... My case is case (c), a vServer, and there is no LSM available there and no `/proc/cmdline` and no `dmesg` information. vServers seem to suck :(. Thanks for the answer! – humanityANDpeace Mar 02 '14 at 17:39
0

Another thing you can do is search for built-in modules under /sys/module.

E.g., on Ubuntu 16.04 which has apparmor enabled, the following directory exists:

/sys/module/apparmor/

See also: https://superuser.com/questions/287371/obtain-kernel-config-from-currently-running-linux-system

Unfortunately, neither `ls /sys/kernel/security` nor `ls /sys/module/` showed anything for selinux on Android AOSP in QEMU, which seems to have selinux; I wonder why.

If the kernel is built with SELinux, boot dmesg contains:

SELinux:  Initializing.
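
The checks from both answers combined into one script, as an added example that is not part of the original posts. It separates "compiled in" from "actually active". The paths `/sys/kernel/security/lsm` (present on recent kernels), `/sys/module/apparmor/parameters/enabled` and `/sys/fs/selinux` are not mentioned on this page, and the root-prefix argument is a hypothetical helper so the functions can be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Added example: which LSMs are active, and which are merely compiled in.
# $1 is a hypothetical root prefix (default: empty, i.e. the live system).
active_lsms() {
    root="${1:-}"
    out=""
    add() { case " $out " in *" $1 "*) ;; *) out="${out:+$out }$1" ;; esac; }
    # Recent kernels list the initialised LSMs, comma-separated, in securityfs.
    if [ -r "$root/sys/kernel/security/lsm" ]; then
        for l in $(tr ',' ' ' < "$root/sys/kernel/security/lsm"); do add "$l"; done
    fi
    # /sys/module/apparmor alone only shows the code is present;
    # parameters/enabled says whether AppArmor is switched on (Y/N).
    if [ "$(cat "$root/sys/module/apparmor/parameters/enabled" 2>/dev/null)" = "Y" ]; then
        add apparmor
    fi
    # SELinux uses its own selinuxfs, normally mounted at /sys/fs/selinux.
    if [ -e "$root/sys/fs/selinux/enforce" ]; then add selinux; fi
    echo "$out"
}

# LSMs compiled into the kernel (=y), from /proc/config.gz or /boot/config-<release>.
built_lsms() {
    root="${1:-}"
    rel="${2:-$(uname -r)}"
    if [ -r "$root/proc/config.gz" ]; then
        gzip -dc "$root/proc/config.gz"
    elif [ -r "$root/boot/config-$rel" ]; then
        cat "$root/boot/config-$rel"
    fi | grep -E '^CONFIG_SECURITY_(SELINUX|APPARMOR|SMACK|TOMOYO|YAMA)=y$' \
       | sed 's/^CONFIG_SECURITY_//; s/=y$//' | tr 'A-Z' 'a-z' | paste -s -d ' ' -
}

echo "active: $(active_lsms)"
echo "built:  $(built_lsms)"
```

An LSM that appears under "built" but not under "active" is compiled in but was not selected at boot. In a container or vServer neither source may be readable, in which case both lines are empty.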