Linux Security Modules - History

History

At the 2001 Linux Kernel Summit, the NSA proposed that SELinux be included in Linux 2.5. Linus Torvalds rejected SELinux at that time, because he observed that there are many different security projects in development, and since they all differ, the security community has not yet formed consensus on the ultimate security model. Instead, Linus charged the security community to "make it a module".

In response, Crispin Cowan proposed LSM: an interface for the Linux kernel that provides sufficient "hooks" (upcalls) from within the Linux kernel to a loadable module so as to allow the module to enforce mandatory access controls. Development of LSM over the next two years was conducted by the LSM community, including substantial contributions from the Immunix Corporation, the NSA, McAfee, IBM, Silicon Graphics, and many independent contributors. LSM was ultimately accepted into the Linux kernel mainstream and was included as a standard part of Linux 2.6 in December 2003.

In 2006, some kernel developers observed that SELinux was the only widely used LSM module included in the mainstream Linux kernel source tree. If there is to be only one widely used LSM module, it was reasoned, then the indirection of LSM is unnecessary, and LSM should be removed and replaced with SELinux itself. However, there are other LSM modules maintained outside of the mainstream kernel tree (AppArmor, Linux Intrusion Detection System, FireFlier, CIPSO, Multi ADM, etc.), so this argument led to two results: 1. that developers of these modules started putting effort into upstreaming their respective modules, and 2. at the 2006 Kernel Summit, Linus once again asserted that LSM would stay because he does not want to arbitrate which is the best security model. LSM is likely to remain since an additional security module TOMOYO Linux was accepted in the mainline kernel version 2.6.30 (June 2009). With version 2.6.36, another security module (AppArmor) was accepted in the mainline kernel.

Read more about this topic:  Linux Security Modules

Famous quotes containing the word history:

    There has never been in history another such culture as the Western civilization M a culture which has practiced the belief that the physical and social environment of man is subject to rational manipulation and that history is subject to the will and action of man; whereas central to the traditional cultures of the rivals of Western civilization, those of Africa and Asia, is a belief that it is environment that dominates man.
    Ishmael Reed (b. 1938)

    Classes struggle, some classes triumph, others are eliminated. Such is history; such is the history of civilization for thousands of years.
    Mao Zedong (1893–1976)

    What we call National-Socialism is the poisonous perversion of ideas which have a long history in German intellectual life.
    Thomas Mann (1875–1955)