1. LSM Framework (Linux Security Module)
LSM is a lightweight access control framework that supports a variety of access control models implemented as loadable kernel modules. The user can choose the appropriate security module to load into the Linux kernel. Its design goal is to provide, with minimal changes to kernel code, a structure or interface on which mandatory access control modules can be implemented and selected. The LSM framework allows a security module to be loaded into the kernel as a plug-in, and SELinux is loaded into the Linux kernel as one such security module, as shown below:
Figure 1
In the LSM framework, SELinux does not take effect until the traditional Linux access check is passed.
2. SELinux LSM (Linux Security Module) module
The SELinux kernel architecture reflects the Flask architecture and includes three important components: the security server, the object manager, and the access vector cache.
Figure 2
In Linux, the security server for kernel objects is located in the SELinux LSM module.
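The check order and the three Flask components described above, as a simplified user-space model in C. This is an added example, not code from the original article or from the kernel; the type names, the one-entry cache and all function names are constructed for illustration.

```c
/* User-space model (not kernel code): the traditional check runs first, then
 * the LSM hook, which asks the AVC and falls back to the security server. */
#include <stdio.h>
#include <string.h>

enum { PERM_READ = 1, PERM_WRITE = 2 };

struct rule { const char *src, *tgt; int allowed; };
/* Constructed policy: subject type, object type, allowed permission mask. */
static const struct rule policy[] = {
    { "web_t", "web_content_t", PERM_READ },
};

static struct { char src[32], tgt[32]; int allowed, valid; } avc; /* one-entry cache */
static int server_queries;                 /* how often the security server was asked */

/* Security server: computes the decision from policy; default is deny. */
static int security_server(const char *src, const char *tgt) {
    server_queries++;
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (!strcmp(policy[i].src, src) && !strcmp(policy[i].tgt, tgt))
            return policy[i].allowed;
    return 0;
}

/* Access vector cache: reuse a cached decision, else ask the security server. */
static int avc_has_perm(const char *src, const char *tgt, int perm) {
    if (!avc.valid || strcmp(avc.src, src) || strcmp(avc.tgt, tgt)) {
        snprintf(avc.src, sizeof avc.src, "%s", src);
        snprintf(avc.tgt, sizeof avc.tgt, "%s", tgt);
        avc.allowed = security_server(src, tgt);
        avc.valid = 1;
    }
    return (avc.allowed & perm) == perm;
}

/* Object manager role: returns 0 on success, -1 if either check denies. */
static int file_access(int dac_ok, const char *src, const char *tgt, int perm) {
    if (!dac_ok)
        return -1;              /* traditional check failed: the hook never runs */
    return avc_has_perm(src, tgt, perm) ? 0 : -1;
}

int main(void) {
    printf("dac denied: %d\n", file_access(0, "web_t", "web_content_t", PERM_READ));
    printf("read      : %d\n", file_access(1, "web_t", "web_content_t", PERM_READ));
    printf("write     : %d\n", file_access(1, "web_t", "web_content_t", PERM_WRITE));
    printf("security server queries: %d\n", server_queries);
    return 0;
}
```

The write request is answered from the cached access vector, so the security server is queried only once across the three calls.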
Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
3. "SELinux Learning Notes" architecture