Lsm

AppArmor (Application Armor) is a Linux Security Module (LSM) that provides a practical, easy-to-use Mandatory Access Control (MAC) framework for restricting the capabilities of applications. Unlike SELinux, which relies on complex policies, AppArmor simplifies security by using profile-based access control. Key Features Profile-Based Access Control: AppArmor restricts application behavior based on predefined profiles. Path-Based Security Policies: Unlike SELinux, which uses labels, AppArmor policies are based on file paths. Learning Mode: Allows administrators to create security profiles by observing application behavior. [Read More]

Landlock is a Linux Security Module (LSM) that provides a flexible, unprivileged sandboxing mechanism for applications. Unlike traditional LSMs such as SELinux and AppArmor, which enforce mandatory access control policies set by system administrators, Landlock allows applications to define their own security restrictions. This makes it a powerful tool for developers seeking to add additional security layers without requiring elevated privileges. Key Features Unprivileged Sandboxing: Landlock enables applications to apply security restrictions without requiring root access or administrative intervention. [Read More]

Linux Security Modules (LSM) Linux Security Modules (LSM) is a framework that allows different security models to be implemented as kernel modules. It provides the necessary hooks within the Linux kernel for implementing access control mechanisms beyond the traditional Unix permissions model. Several LSMs are available, each with different use cases and security policies. SELinux Security-Enhanced Linux (SELinux) is one of the most well-known Linux Security Modules. Developed by the NSA, SELinux enforces Mandatory Access Control (MAC) policies, restricting processes and users based on predefined security policies. [Read More]