
Linux Security Module

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Linux Security Module
Developer: Linus Torvalds, The Linux Foundation
Released: 2002
Programming language: C (programming language)
Operating system: Linux kernel
License: GNU General Public License


The Linux Security Module (LSM) framework provides a kernel-level mechanism for implementing access control and security policies in the Linux kernel. It enables modular security architectures and supports a range of third-party policies and subsystems, allowing projects such as SELinux, AppArmor, Tomoyo Linux, and SMACK to integrate with the kernel without modifying core kernel code. The framework shapes how distributions like Red Hat Enterprise Linux, Ubuntu (operating system), SUSE Linux Enterprise, and projects such as Debian and Fedora Linux implement mandatory access controls and confinement.

Overview

LSM defines hooks and APIs in the Linux kernel to permit security modules to mediate low-level operations such as file access, process execution, inter-process communication, and networking. It decouples policy enforcement from kernel subsystems used by major vendors and projects including Red Hat, Canonical (company), SUSE, IBM, and Oracle Corporation. This separation has implications for compliance regimes like Common Criteria certifications and projects such as OpenSSL and systemd that interact with access controls. The framework has been discussed in academic venues including Usenix, ACM SIGOPS, IEEE Symposium on Security and Privacy, and at conferences like Black Hat and Def Con.

Architecture and Design

LSM exposes hooks at critical kernel points in subsystems developed by contributors such as The Linux Foundation and implementers working with Kernel.org. Hooks cover objects managed by kernel subsystems: inodes, sockets, credentials, mounts and namespaces used by Docker (software), Kubernetes, LXC (Linux Containers), and systemd. The design calls for small, well-audited interfaces to reduce attack surface; it aligns with engineering practices advocated by figures like Linus Torvalds, Greg Kroah-Hartman, and Theodore Ts'o. LSM supports stacking strategies explored in implementations and research by contributors from Red Hat Research, IBM Research, Google, Microsoft Research, and academic groups at MIT, Stanford University, University of California, Berkeley, ETH Zurich, and University of Cambridge.
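As an added illustration of the hook-list design described above (example code written for this article, not kernel source), the following C program models in userspace how a single hook, here `file_open`, is dispatched to several registered modules. The `file_ctx` struct, the function names and the two modules `etc_readonly` and `secret_deny` are hypothetical; what the model preserves is the dispatch rule the kernel's own hook walk uses: every registered module is consulted in order and the first non-zero return ends the walk with a denial, so a stacked module can narrow what another module allows but never widen it.

```c
/* Userspace model of LSM hook dispatch. Added example, not kernel code:
 * the real hook lists live in security/security.c and are called from the
 * VFS; the names here (file_ctx, etc_readonly, secret_deny) are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOOKS 8

/* Stand-in for the kernel's file object: the path and whether it is being
 * opened for writing. */
struct file_ctx {
    const char *path;
    int write;
};

/* One module's file_open hook: return 0 to allow, -errno to deny. */
typedef int (*file_open_hook_t)(const struct file_ctx *f);

/* The hook list. Modules are appended in LSM initialisation order, which is
 * the order the framework walks them. */
static struct {
    const char *lsm;
    file_open_hook_t fn;
} file_open_hooks[MAX_HOOKS];
static int n_file_open_hooks;

/* Name of the module that produced the last denial, or NULL if allowed. */
const char *demo_last_denier;

int lsm_register_file_open(const char *lsm, file_open_hook_t fn)
{
    if (n_file_open_hooks >= MAX_HOOKS)
        return -ENOSPC;
    file_open_hooks[n_file_open_hooks].lsm = lsm;
    file_open_hooks[n_file_open_hooks].fn = fn;
    n_file_open_hooks++;
    return 0;
}

/* The framework's mediation point. Same rule as the kernel's hook walk:
 * every registered module is consulted in order and the first non-zero
 * return ends the walk. A module can therefore restrict, but never grant
 * something an earlier module denied. */
int security_file_open(const struct file_ctx *f)
{
    demo_last_denier = NULL;
    for (int i = 0; i < n_file_open_hooks; i++) {
        int rc = file_open_hooks[i].fn(f);
        if (rc != 0) {
            demo_last_denier = file_open_hooks[i].lsm;
            return rc;
        }
    }
    return 0;
}

/* Hypothetical module A: nothing under /etc may be opened for writing. */
static int etc_readonly_file_open(const struct file_ctx *f)
{
    if (f->write && strncmp(f->path, "/etc/", 5) == 0)
        return -EACCES;
    return 0;
}

/* Hypothetical module B: /secret is not visible at all, even read-only. */
static int secret_deny_file_open(const struct file_ctx *f)
{
    if (strncmp(f->path, "/secret/", 8) == 0)
        return -EPERM;
    return 0;
}

/* Register both modules: two policies stacked on one hook. */
void lsm_init_demo(void)
{
    n_file_open_hooks = 0;
    lsm_register_file_open("etc_readonly", etc_readonly_file_open);
    lsm_register_file_open("secret_deny", secret_deny_file_open);
}

/* Ask the stack whether path may be opened; returns 0 or -errno and sets
 * demo_last_denier. */
int demo_open(const char *path, int write)
{
    struct file_ctx f = { path, write };
    return security_file_open(&f);
}

int main(void)
{
    const char *paths[] = { "/etc/passwd", "/etc/passwd", "/secret/key", "/home/u/notes" };
    int writes[] = { 0, 1, 0, 1 };

    lsm_init_demo();
    for (int i = 0; i < 4; i++) {
        int rc = demo_open(paths[i], writes[i]);
        printf("%s %-14s -> %s%s%s\n", writes[i] ? "write" : "read ", paths[i],
               rc == 0 ? "allowed" : "denied", rc ? " by " : "",
               rc ? demo_last_denier : "");
    }
    return 0;
}
```

Build with `cc -std=c99 -o lsm_demo lsm_demo.c` and run it; the output shows the read of `/etc/passwd` allowed, the write denied by `etc_readonly`, and `/secret/key` denied by `secret_deny` before the second module is even asked. The point for a defender is that the order and composition of modules on a hook are fixed at registration time, which is why the stacking order discussed above matters.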

Major Implementations and Policies

Prominent security modules using the framework include Security-Enhanced Linux (SELinux) developed by NSA and maintained by Red Hat, AppArmor created by Tresys Technology and used in Ubuntu (operating system), Tomoyo Linux originating in Japan, and Smack (Simplified Mandatory Access Control Kernel) used in embedded contexts including projects by Intel Corporation and Samsung Electronics. Other notable projects and policies built on LSM include integrations for container runtimes like CRI-O, containerd, and orchestration by Kubernetes as well as confinement mechanisms used by Snapcraft and Flatpak. Commercial and open-source vendors—Canonical (company), Red Hat, SUSE, Oracle Corporation, IBM—contribute to policy tooling and certification efforts tied to standards such as FIPS and PCI DSS.

Integration and Configuration

Kernel configuration options determine LSM behavior at build time; distributions expose control via boot parameters and init systems like systemd and SysVinit. Administrators manage policies using utilities from projects such as SELinux Project, AppArmor Utilities, and policy compilers maintained by Red Hat and Canonical (company). Integration with container ecosystems involves tools like Podman and image tooling in OpenShift and Docker (software), while orchestration interactions appear in Kubernetes admission controllers and runtime security plugins. Enterprises commonly integrate LSM-based controls with access management systems from Red Hat, IBM, Microsoft, and identity providers such as Okta or Ping Identity in hybrid cloud deployments across providers like Amazon Web Services, Google Cloud Platform, and Microsoft Azure.
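To verify the boot-time selection this section mentions, here is an added example (not from the article, nor from any distribution's tooling) that compares the `lsm=` kernel command-line parameter with the list the running kernel reports in `/sys/kernel/security/lsm`. The command line and sysfs contents below are constructed sample strings; on a real host they would be read from `/proc/cmdline` and that sysfs file. The sample active list contains `capability`, which the kernel always enables even when it is not requested, and omits `bpf`, as if that module were not built into the kernel, so the check reports `bpf` as requested but inactive.

```c
/* Compare the LSMs requested on the kernel command line (lsm=...) with the
 * ones the running kernel reports in /sys/kernel/security/lsm. Added example;
 * the inputs are constructed sample strings so it runs on any host. */
#include <stdio.h>
#include <string.h>

#define MAX_LSMS 16
#define NAME_LEN 32

/* Constructed sample: what /proc/cmdline and the sysfs file might contain.
 * The sysfs list includes "capability" because the kernel always enables it,
 * and lacks "bpf", as if that module had not been built into this kernel. */
static const char SAMPLE_CMDLINE[] =
    "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro lsm=lockdown,yama,apparmor,bpf quiet";
static const char SAMPLE_SYSFS_LSM[] = "lockdown,capability,yama,apparmor\n";

/* Copy the value of the lsm= parameter into out; 1 if present, 0 if absent
 * (in which case the kernel's built-in default order applies). */
int cmdline_lsm_param(const char *cmdline, char *out, size_t outlen)
{
    const char *p = cmdline;
    while ((p = strstr(p, "lsm=")) != NULL) {
        /* Only accept a whole token, not e.g. "foolsm=". */
        if (p == cmdline || p[-1] == ' ') {
            const char *v = p + 4;
            size_t n = strcspn(v, " \n");
            if (n >= outlen)
                n = outlen - 1;
            memcpy(out, v, n);
            out[n] = '\0';
            return 1;
        }
        p += 4;
    }
    return 0;
}

/* Split a comma-separated module list into names; returns the count. */
int split_lsm_list(const char *list, char names[][NAME_LEN], int max)
{
    int count = 0;
    const char *p = list;
    while (*p != '\0' && count < max) {
        size_t n = strcspn(p, ",\n");
        if (n > 0 && n < NAME_LEN) {
            memcpy(names[count], p, n);
            names[count][n] = '\0';
            count++;
        }
        p += n;
        if (*p == ',')
            p++;
        else
            break;
    }
    return count;
}

/* Fill missing[] with modules that were requested but are not active;
 * returns how many. */
int missing_lsms(const char *cmdline, const char *sysfs_lsm,
                 char missing[][NAME_LEN], int max)
{
    char param[256];
    char requested[MAX_LSMS][NAME_LEN], active[MAX_LSMS][NAME_LEN];
    int nm = 0;

    if (!cmdline_lsm_param(cmdline, param, sizeof param))
        return 0;
    int nr = split_lsm_list(param, requested, MAX_LSMS);
    int na = split_lsm_list(sysfs_lsm, active, MAX_LSMS);
    for (int i = 0; i < nr && nm < max; i++) {
        int found = 0;
        for (int j = 0; j < na; j++)
            if (strcmp(requested[i], active[j]) == 0)
                found = 1;
        if (!found)
            strcpy(missing[nm++], requested[i]);
    }
    return nm;
}

/* Run the check on the constructed samples; results land in demo_missing. */
char demo_missing[MAX_LSMS][NAME_LEN];

int demo_run(void)
{
    return missing_lsms(SAMPLE_CMDLINE, SAMPLE_SYSFS_LSM, demo_missing, MAX_LSMS);
}

int main(void)
{
    int n = demo_run();
    printf("active: %s", SAMPLE_SYSFS_LSM);
    for (int i = 0; i < n; i++)
        printf("requested but not active: %s\n", demo_missing[i]);
    return 0;
}
```

A requested module that never shows up in the sysfs list is usually one that was not compiled into the kernel (`CONFIG_SECURITY_*` options are build-time, as the section notes), so a policy the administrator believes is enforced may not be loaded at all; checking the active list, rather than only the command line, is the reliable way to confirm what is actually mediating hooks.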

Performance and Security Considerations

Adding policy checks at kernel hook points introduces overhead; kernel developers including Ingo Molnár and Olivier Poitrey emphasize microbenchmarks and regression testing via LTP (Linux Test Project) and CI systems like kernelci. Performance impact varies by module and workload; vendors such as Red Hat, Canonical (company), and researchers at Google and Intel Corporation publish tuning guidance and mitigations like policy pruning, targeted rule sets, and use of eBPF by Brendan Gregg and teams at Netflix to reduce cost. Security auditing leverages tools and processes from OpenSCAP, CIS (Center for Internet Security), and continuous integration pipelines used by GitHub and GitLab to validate policies and configurations.

History and Development

The framework originated in early 2000s kernel development discussions involving contributors such as Rusty Russell and maintainers around Linux kernel trees hosted at Kernel.org. It was formalized and merged into the upstream kernel mainline by kernel maintainers working with Linus Torvalds in the 2.6 series and evolved through contributions from Red Hat, NSA, Novell, Canonical (company), and independent developers. Over time LSM expanded to support features like inode and task credentials, and pursued stacking strategies debated on lists like linux-kernel and tracked in repositories on GitHub and Kernel.org. The project has been the subject of academic papers presented at Usenix Security Symposium, ACM CCS, and NDSS and continues to evolve with contributions from corporations such as Google, Microsoft, Amazon and academic partners at Carnegie Mellon University and Princeton University.

See also

Security-Enhanced Linux
AppArmor
Tomoyo Linux
Smack (Simplified Mandatory Access Control Kernel)
Linux kernel
Linus Torvalds
Kernel.org
Red Hat
Canonical (company)
SUSE
NSA
Docker (software)
Kubernetes
systemd
SELinux Project
OpenSSL
eBPF
Common Criteria
FIPS
PCI DSS
Usenix
Black Hat
Def Con
KernelCI
LTP (Linux Test Project)