Linux Security Modules API
E193776
The Linux Security Modules API is a kernel-level framework in Linux that allows the implementation of pluggable security policies and access control mechanisms such as AppArmor and SELinux.
All labels observed (5)
| Label | Occurrences |
|---|---|
| LSM (Linux Security Modules) | 1 |
| Linux Security Modules | 1 |
| Linux Security Modules API canonical | 1 |
| Linux kernel security subsystem contributions | 1 |
| Linux security modules | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T1718413 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: Linux Security Modules API Context triple: [AppArmor, implements, Linux Security Modules API]
-
A.
SELinux
SELinux (Security-Enhanced Linux) is a Linux kernel security module that provides a flexible, fine-grained mandatory access control (MAC) framework to enforce strict security policies on systems.
-
B.
Trusted Platform Module 2.0
Trusted Platform Module 2.0 is a hardware-based security chip standard that provides cryptographic functions and secure key storage to enhance system integrity and protection against tampering.
-
C.
AppArmor
AppArmor is a Linux kernel security module that confines programs to a limited set of resources using per-application security profiles to reduce the impact of vulnerabilities and attacks.
-
D.
Encrypting File System
Encrypting File System is a Windows feature that provides transparent file-level encryption to protect data stored on NTFS volumes.
-
E.
TrustZone security extension
TrustZone security extension is ARM's hardware-based security technology that creates isolated execution environments to protect sensitive code and data on system-on-chip devices.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: Linux Security Modules API Target entity description: The Linux Security Modules API is a kernel-level framework in Linux that allows the implementation of pluggable security policies and access control mechanisms such as AppArmor and SELinux.
-
A.
SELinux
SELinux (Security-Enhanced Linux) is a Linux kernel security module that provides a flexible, fine-grained mandatory access control (MAC) framework to enforce strict security policies on systems.
-
B.
Trusted Platform Module 2.0
Trusted Platform Module 2.0 is a hardware-based security chip standard that provides cryptographic functions and secure key storage to enhance system integrity and protection against tampering.
-
C.
AppArmor
AppArmor is a Linux kernel security module that confines programs to a limited set of resources using per-application security profiles to reduce the impact of vulnerabilities and attacks.
-
D.
Encrypting File System
Encrypting File System is a Windows feature that provides transparent file-level encryption to protect data stored on NTFS volumes.
-
E.
TrustZone security extension
TrustZone security extension is ARM's hardware-based security technology that creates isolated execution environments to protect sensitive code and data on system-on-chip devices.
- F. None of above. chosen
Statements (45)
| Predicate | Object |
|---|---|
| instanceOf |
Linux kernel security framework
ⓘ
application programming interface ⓘ |
| aimsTo |
avoid hard-coding a single security policy in the kernel
ⓘ
provide a general framework for security enhancements ⓘ |
| allows | stacking of certain security modules ⓘ |
| alsoKnownAs | LSM API ⓘ |
| category |
Linux security
ⓘ
computer security framework ⓘ |
| controls |
access to IPC objects
ⓘ
access to files ⓘ access to sockets ⓘ kernel object labeling ⓘ network operations ⓘ task and process operations ⓘ |
| designedFor |
extensibility of Linux security model
ⓘ
supporting multiple concurrent security modules ⓘ |
| documentedIn | Linux kernel documentation ⓘ |
| enables |
loadable security modules
ⓘ
separation of security policy from core kernel logic ⓘ |
| governedBy | Linux kernel community ⓘ |
| hasComponent |
security blobs for kernel objects
ⓘ
security hooks ⓘ security operations structures ⓘ |
| implementedIn | C ⓘ |
| influenced | design of security modules such as SELinux ⓘ |
| introducedIn |
Linux kernel
ⓘ
surface form:
Linux 2.6 series
|
| maintainedAs | part of mainline Linux kernel source tree ⓘ |
| operatesAt | kernel level ⓘ |
| partOf | Linux kernel ⓘ |
| provides |
interfaces for security modules to enforce policies
ⓘ
security hooks in kernel code paths ⓘ |
| relatedTo |
Linux containers
ⓘ
surface form:
Linux namespaces
POSIX capabilities ⓘ cgroups ⓘ |
| runsOn | Linux ⓘ |
| supports |
pluggable access control mechanisms
ⓘ
pluggable security policies ⓘ |
| supportsModel |
capability-based security
ⓘ
discretionary access control ⓘ mandatory access control ⓘ |
| usedBy |
AppArmor
ⓘ
SELinux ⓘ Smack ⓘ TOMOYO Linux ⓘ Yama ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: Linux Security Modules API Description of subject: The Linux Security Modules API is a kernel-level framework in Linux that allows the implementation of pluggable security policies and access control mechanisms such as AppArmor and SELinux.
Referenced by (5)
Full triples — surface form annotated when it differs from this entity's canonical label.