Questions tagged [lsm]

Linux Security Modules (LSM) is a framework that allows the Linux kernel to support a variety of computer security models while avoiding favoritism toward any single security implementation.

18 questions
13 votes, 1 answer

Core difference between SELinux and Apparmor

What is the core [or kernel level] difference of SELinux and Apparmor?
arif
7 votes, 2 answers

How to determine if and which linux security module (LSM) is available?

Is there a way to find out if and in case which linux security LSM (apparmor, selinux, grsecurity) is used by the kernel? To be more specific let's assume I am a legitimate root user of the machine? If information available also it would be nice to…
humanityANDpeace
4 votes, 2 answers

Are there other LSM (Linux Security Modules) in addition to SELinux and AppArmor?

In researching this U&L Q&A titled: permission denied for ptrace under GDB, the question came up, "Is there other software similar to SELinux & AppArmor?". User @IwillnotexistIdonotexist mentioned 2 that I'd never heard of: Smack & Yama. He found…
slm
3 votes, 1 answer

Are LSM tools such as AppArmor and SELinux considered IDS/IPS?

I know this is kind of an odd question. An IDS/IPS basically autonomously recognizes and optionally prevents intrusions. And while SELinux and AppArmor seem to be trying to do the same, they are never labelled as IDS/IPS. Am I missing something?…
Nephilim
2 votes, 0 answers

Yama LSM seems to do nothing. RHEL/Centos 7.5

The Yama security module is supposed to be able to prevent users from running the ptrace system call, yet even with kernel.yama.ptrace_scope set to 3, users can still run strace (which uses ptrace). From the docs: 3 - no attach: no processes may use…
Graham Nicholls
2 votes, 1 answer

Enabling AppArmor in Linux

I've compiled a kernel (linux-libre-xtreme) with this configuration, it has most LSMs enabled: YAMA, SMACK, AppArmor, TOMOYO and SELinux. However, when I start the apparmor service with OpenRC I get: # rc-service apparmor start * Stopping AppArmor…
Megver83
2 votes, 1 answer

Why are there no LSM hooks in the POSIX IPC APIs?

As I understand it, the Linux Security Module (LSM) framework has many hooks which are callbacks for security modules to register functions performing additional security checks before security-sensitive operations. Most of the time, these hooks are…
lgeorget
1 vote, 1 answer

Interception syscalls and make change in their arguments

I'm interested to write a kernel program that can have all possible controls on syscalls, such as intersection, filtering, and make changes in their arguments. I look up for two goals: read system calls and their arguments and decide to block or…
1 vote, 1 answer

Linux Security Modules - SELinux/AppArmor

Can someone explain to me why SELinux is officially broken under Ubuntu while AppArmor works fine? AppArmor is built on the "Linux Security Modules" framework and so is SELinux. As a result, shouldn't both run smoothly under Ubuntu? I probably have…
Questa
1 vote, 1 answer

How can I recompile only a specific part of the Linux kernel on Debian Buster?

I'm currently developing a Linux Security Module which is stored in the security directory of the kernel source tree. When I compile and install the kernel using the following commands, the module is loaded and everything is working fine: fakeroot…
unbekannt
1 vote, 1 answer

LSM Hooks - What is the difference between inode hooks and path hooks

There are two groups of LSM hooks under Security hooks for inode operations: inode_* and path_*. Many of them look identical. For example, inode_link and path_link. What is the difference between the inode and path hooks? When should each be used?
Yosef Arbiv
1 vote, 1 answer

SELinux vs AppArmor applicability

I am going through some primers on LSM implementations so eventually I am digging a bit into AppArmor and SELinux. I am aware of this discussion but this does not make very clear one question I am having in regard to these two LSM…
pkaramol
1 vote, 1 answer

Is it MAC or DAC

I am having trouble seeing the utility or use of the LSM attribute/caps implementations. I've put together a pseudo code snippet of sorts to try to express my concern and question. It's modeled after a diagram from (p…
user33567
1 vote, 0 answers

Selinux inode security struct allocation

I'm trying to understand allocation of inode_security_struct in Selinux. I looked for a source code of selinux and there is only one allocation of this struct on line 230 in hooks.c file. This allocation is in LSM hook which is called when inode is…
viliam
0 votes, 1 answer

Why the struct lsm_id is not present in linux kernel source tree

I am writing an LSM, and I am compiling it using my kernel 6.2.0-20-generic. When I browse the files in /lib/modules/6.2.0-20-generic/build, I can see that there is a struct named lsm_id. But when I examine the recent Linux source tree in GitHub, I…
maysara