Following this email will be seven patches which provide LSM networking components for the 2.5.42 kernel:

1. Netdevice hooks
2. skb hooks
3. Socket hooks
4. IPv4 hooks
5. Netlink hooks
6. Unix domain hooks
7. TCP hooks

These represent all of the current LSM networking features, split into cumulative patches.

In a nutshell, LSM (Linux Security Modules) is a general purpose framework for access control, allowing various security projects (e.g. SELinux, LIDS etc.) to be implemented without needing to patch the kernel. The basic concept of LSM is 'mediated access to kernel objects', which roughly translates to placing void pointers into key structs which can be used to store security state, then adding a series of hooks which maintain per-object security state and allow access decisions to be made. It is up to the security module to implement policies for maintaining security state and to choose which access hooks to use (i.e. LSM aims to be mechanism, not policy). Much more information on LSM and its design can be found at the LSM web site: http://lsm.immunix.org/ , notably the Usenix and OLS papers.

The networking components were largely modeled on the requirements of SELinux, which is itself a somewhat generic mandatory access control system. Specific aims for the networking in LSM are to provide support for: general access control, the SELinux extended socket API, and labeled networking. Several additional projects are believed to be under development which make significant use of the networking components, although SELinux is the best currently available example.

The performance impact of LSM has been examined using macro (Webstone) and micro (lmbench) benchmarks on a dual SMP system. The last set of data, which was generated around the time of the last kernel summit, indicates that there is no measurable impact on networking at 100Mbps LAN speeds (the variations were basically noise).
At 1Gbps, the Webstone throughput figures showed a 1-2% impact, although it's not clear how much of this is the specific result of the networking hooks (i.e. non-networking LSM hooks were probably also contributing). The bw_tcp microbenchmark showed an impact of 0.3-0.6% at gigabit speed. Some changes (notably, the recent addition of some TCP hooks) have been made to LSM since these tests, and the tests can be run again if needed. There's also the issue of the new flow cache code, which will probably require changes to some of the LSM networking hooks.

The LSM developers are open to suggestions for optimizations and improvements, and can be reached reliably at the lsm address on the cc list above.

- James

--
James Morris <jmorrisat_private>
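As an added illustration of the 'mediated access to kernel objects' design described above (this is a constructed user-space toy model, not code from the LSM patches or the kernel): kernel objects carry an opaque security blob, the framework exposes hook points that call into whichever module is registered, and the module alone decides policy. The label-based skb-to-socket policy, the hook names and the use of the address family as a label are all assumptions made for the example.

```c
#include <errno.h>
#include <stdlib.h>

/* Kernel objects carry an opaque security blob, like the void pointers LSM adds to
 * struct sock / struct sk_buff. These structs are a toy model, not kernel code. */
struct sock_obj { int family; void *security; };
struct skb_obj  { void *security; };

/* Hook table filled in by a security module. A NULL hook means "no opinion" (allow). */
struct security_ops {
    int  (*socket_create)(struct sock_obj *sk, int family);
    int  (*skb_to_socket)(struct sock_obj *sk, struct skb_obj *skb);
    void (*socket_free)(struct sock_obj *sk);
};
static struct security_ops *security_ops;  /* the registered module, NULL if none */

int  register_security(struct security_ops *ops) { if (security_ops) return -EEXIST; security_ops = ops; return 0; }
void unregister_security(void) { security_ops = NULL; }

/* Framework-side mediation points: the framework supplies the mechanism and asks the
 * module for the policy decision. With no module loaded, everything is permitted. */
int security_socket_create(struct sock_obj *sk, int family) {
    sk->family = family;
    sk->security = NULL;
    return (security_ops && security_ops->socket_create) ? security_ops->socket_create(sk, family) : 0;
}
int security_skb_to_socket(struct sock_obj *sk, struct skb_obj *skb) {
    return (security_ops && security_ops->skb_to_socket) ? security_ops->skb_to_socket(sk, skb) : 0;
}
void security_socket_free(struct sock_obj *sk) {
    if (security_ops && security_ops->socket_free) security_ops->socket_free(sk);
}

/* Example policy module (constructed): every socket gets a label, and a packet is
 * delivered only when its label matches the receiving socket's label. */
struct label { int sid; };

static int lbl_socket_create(struct sock_obj *sk, int family) {
    struct label *l = malloc(sizeof *l);
    if (!l) return -ENOMEM;
    l->sid = family;        /* hypothetical: derive the label from the address family */
    sk->security = l;
    return 0;
}
static int lbl_skb_to_socket(struct sock_obj *sk, struct skb_obj *skb) {
    const struct label *s = sk->security, *p = skb->security;
    if (!s || !p) return -EACCES;          /* unlabeled traffic is refused outright */
    return s->sid == p->sid ? 0 : -EACCES;
}
static void lbl_socket_free(struct sock_obj *sk) { free(sk->security); sk->security = NULL; }

struct security_ops label_ops = { lbl_socket_create, lbl_skb_to_socket, lbl_socket_free };
```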
This archive was generated by hypermail 2b30 : Tue Oct 15 2002 - 07:36:25 PDT