Linux Security Module Development

Based on https://lkml.org/lkml/2007/10/26/215, a new LSM is accepted into the kernel when its intent (a description of what it tries to protect against and in what cases one would expect to use it) has been appropriately documented in Documentation/admin-guide/LSM/. This allows an LSM’s code to be easily compared to its goals, and so that end users and distros can make a more informed decision about which LSMs suit their requirements.

For extensive documentation on the available LSM hook interfaces, please see include/linux/lsm_hooks.h and associated structures:

union security_list_options

Linux Security Module hook function list

Definition

union security_list_options {
#define LSM_HOOK(RET, DEFAULT, NAME, ...) RET (*NAME)(__VA_ARGS__);
  ;
#include "lsm_hook_defs.h";
#undef LSM_HOOK;
};

Members

Description

Security hooks for program execution operations.

Security hooks for mount using fs_context.
[See also Filesystem Mount API]

Security hooks for filesystem operations.

Security hooks for inode operations.

Security hooks for kernfs node operations

Security hooks for file operations

Security hooks for task operations.

Security hooks for Netlink messaging.

Security hooks for Unix domain networking.

The unix_stream_connect and unix_may_send hooks were necessary because Linux provides an alternative to the conventional file name space for Unix domain sockets. Whereas binding and connecting to sockets in the file name space is mediated by the typical file permissions (and caught by the mknod and permission hooks in inode_security_ops), binding and connecting to sockets in the abstract name space is completely unmediated. Sufficient control of Unix domain sockets in the abstract name space isn’t possible using only the socket layer hooks, since we need to know the actual target socket, which is not looked up until we are inside the af_unix code.

Security hooks for socket operations.

Security hooks for SCTP

Security hooks for Infiniband

Security hooks for XFRM operations.

Security hooks affecting all Key Management operations

Security hooks affecting all System V IPC operations.

Security hooks for individual messages held in System V IPC message queues

Security hooks for System V IPC Message Queues

Security hooks for System V Shared Memory Segments

Security hooks for System V Semaphores

Security hooks for Audit

Security hooks for the general notification queue:

Security hooks for using the eBPF maps and programs functionalities through eBPF syscalls.

Security hooks for perf events