Access Control Methods
Linux security modules (LSM) framework
- Allows a system administrator to customize the access control policy
- Uses loadable kernel modules
- Kernel uses hooks inside the access control verification code to allow an LSM to enforce its access control policy
- Example: SELinux
- Developed by NSA
- Replaces Linux’s default discretionary access control policy with a mandatory access control (MAC) policy