LSM API
E724148
LSM API is the kernel-level interface in Linux that allows security modules to enforce access control and other security policies.
All labels observed (1)
| Label | Occurrences |
|---|---|
| LSM API canonical | 1 |
Statements (48)
| Predicate | Object |
|---|---|
| instanceOf | Linux kernel security framework interface ⓘ |
| allows | security modules to mediate kernel operations ⓘ |
| alsoKnownAs | Linux Security Modules API NERFINISHED ⓘ |
| category |
computer security
ⓘ
operating system security ⓘ |
| controlledBy | Kconfig options in the Linux kernel build system ⓘ |
| designedFor | pluggable security modules ⓘ |
| documentationLocation | Linux kernel Documentation/security/lsm.rst ⓘ |
| enables |
fine-grained access control decisions
ⓘ
per-object and per-subject security labeling ⓘ stacking of multiple security modules in some configurations ⓘ |
| fullName | Linux Security Modules Application Programming Interface NERFINISHED ⓘ |
| governedBy | Linux kernel development process ⓘ |
| implements | security hooks in critical kernel code paths ⓘ |
| introducedTo | provide a general framework for security enhancements without hard-coding a single policy ⓘ |
| maintainedIn | Linux kernel mainline source tree NERFINISHED ⓘ |
| operatesAt | kernel level ⓘ |
| partOf | Linux kernel NERFINISHED ⓘ |
| platform | Linux ⓘ |
| primaryPurpose |
enforce access control policies
ⓘ
enforce other security policies ⓘ support security modules ⓘ |
| provides | set of hooks in the Linux kernel ⓘ |
| relatedTo |
Linux capabilities system
ⓘ
Linux cgroups ⓘ Linux namespaces NERFINISHED ⓘ |
| requires | modification or configuration of the Linux kernel ⓘ |
| scope |
file system operations
ⓘ
inter-process communication ⓘ kernel object access ⓘ networking operations ⓘ process management ⓘ |
| securityModel | policy-agnostic framework ⓘ |
| supports |
capability-based security
ⓘ
confidentiality mechanisms ⓘ discretionary access control ⓘ integrity protection mechanisms ⓘ mandatory access control ⓘ |
| supportsProgrammingLanguage | C NERFINISHED ⓘ |
| usedBy |
AppArmor
NERFINISHED
ⓘ
Landlock NERFINISHED ⓘ SELinux NERFINISHED ⓘ Smack NERFINISHED ⓘ TOMOYO Linux NERFINISHED ⓘ Yama NERFINISHED ⓘ |
| usedIn |
embedded Linux systems
ⓘ
general-purpose Linux distributions ⓘ server and cloud Linux deployments ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.