Projects

From Linux Kernel Security Subsystem

Kernel Security Projects

Access Control

  • Linux Security Modules (LSM), the API for access control frameworks
  • AppArmor, a pathname-based access control system
  • Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework
  • Smack, the Simplified Mandatory Access Control Kernel for Linux
  • TOMOYO, another pathname-based access control system (LiveCD available)
  • grsecurity, an extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...)
  • Rule Set Based Access Control (RSBAC), a Linux kernel patch implementing a security framework
  • FBAC-LSM aims to provide easy-to-configure (functionality-based) application restrictions
  • Yama adds restrictions to ptrace, providing a programmatic way to declare relationships between processes

Integrity

This is a rapidly developing area; see the following LWN article for an overview:

Privileges

Networking

There are several separately maintained projects relating to network security, including:

  • Netfilter packet filtering
  • Labeled Networking, including NetLabel, CIPSO, Labeled IPsec and SECMARK; see Paul Moore's blog
  • NuFW authenticating firewall based on Netfilter


Storage

  • Labeled NFS, a project to add MAC labeling support to the NFSv4 protocol
  • dm-verity, a device mapper target for efficient, integrity-assured block devices

Cryptography

The cryptographic subsystem is maintained separately by Herbert Xu; refer to the mailing list.