Enforcement

It works on the kernel, as a Linux Security Module.

Linux Security Modules (LSM)

Linux kernel framework (since 2.6).

Provides “hooks” for arbitrary module inspection of system calls that are about to provide access to relevant system objects.

Hooks provided by Linux Security Modules

• Module – control over module loading and unloading.

• Network – control over sockets, transport layer, network layer etc.

• Task – control over the lifecycle of a task.

• Virtual File system – control over superblock, inode, and actual file operations.

• IPC – control over IPC mechanisms like message queues, shared memory, and semaphores.