LinuxSecuritySummit2011/Abstracts/Schaufler Smack

From Linux Security Wiki (obsolete)
Revision as of 05:05, 15 June 2011 by JamesMorris (Talk | contribs)



Smack is Alive and Well


Casey Schaufler


The Simplified Mandatory Access Control Kernel (Smack) has seen some significant improvements over the past year in response to user requests. These changes are primarily oriented toward the security requirements of embedded and mobile systems. Some of the changes are intended to meet specific needs, but they have been architected for general use.

The talk starts with a brief update on the distributions and end users known to have adopted Smack as their LSM of choice. The current emphasis of Smack directions on embedded systems is explained. Changes to the handling of Unix domain sockets (UDS) are described. The rationale behind allowing programs to run with a set Smack label is covered. The somewhat arcane treatment of mmap is detailed. The ioctl for checking Smack access permissions is presented. The per-task Smack rule list and its intended use are noted. The availability of user space Smack tools is pointed out. Finally, there will be a peek at the current directions and expected future enhancements.
