8. Stacking with Other Modules

This section describes the current support for stacking SELinux with other security modules. LSM provides only minimal support for stacking security modules, providing hooks for this purpose but deferring the details of how stacking is handled to the primary security module. At present, the SELinux security module only functions as a primary security module and provides minimal support for using either the dummy security module (traditional superuser logic) or the capabilities security module as a secondary security module. This allows SELinux to be combined with either the traditional superuser logic or with the Linux capabilities logic. SELinux also provides some support for stacking with the owlsm security module, but only for options which do not require the use of the LSM security fields (i.e. not CONFIG_OWLSM_FD).

As mentioned in Section 7, the selinux_plug_init function initializes the secondary security module to the dummy security module, which is always resident in the kernel, prior to registering the SELinux security module. This allows the SELinux hook functions to safely call the secondary hook functions. The selinux_register_security hook function sets the secondary security module to a different module, such as the capabilities module. The selinux_unregister_security hook function restores the secondary security module to the dummy security module.

The dummy, capabilities, and owlsm security modules only implement a very small subset of the hook functions. Hence, at present, the SELinux security module only calls the secondary security module for this small set of hooks. Additionally, some of these hook functions are implemented in terms of the capable function, so stacking the capable hook is sufficient to cover them as well. However, there would be no harm other than performance in always calling the secondary security module. The SELinux hook functions that call the secondary security module are:

More detail about these hook functions can be found in Section 23, Section 12, Section 11, and Section 14.
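The secondary-module mechanism from the two preceding passages (initialize to dummy, register/unregister to swap in the capabilities module, and a SELinux hook that consults the secondary before its own policy check) modelled in user-space C. This is an added example constructed for this section, not the kernel's or SELinux's own code; `struct task`, its `policy_caps` field standing in for the AVC query, and the single `capable` hook are assumptions.

```c
/* Constructed model of the stacking pattern: SELinux holds a pointer to a
 * secondary security module, initially the always-resident dummy module,
 * and each stacked hook asks the secondary first, then SELinux policy. */
#include <stddef.h>
#include <errno.h>

/* Capability bit indices; numbering follows the Linux capability constants. */
#define CAP_NET_ADMIN 12
#define CAP_SYS_ADMIN 21

struct task {                      /* stand-in for task_struct (assumption) */
    int uid;
    unsigned int cap_effective;    /* effective capability bitmask */
    unsigned int policy_caps;      /* caps SELinux policy grants this domain */
};

struct security_ops {
    int (*capable)(struct task *t, int cap);
};

/* Dummy module: traditional superuser logic, root may do anything. */
static int dummy_capable(struct task *t, int cap) {
    (void)cap;
    return t->uid == 0 ? 0 : -EPERM;
}
static struct security_ops dummy_ops = { .capable = dummy_capable };

/* Capabilities module: consult the effective capability set instead. */
static int cap_capable(struct task *t, int cap) {
    return (t->cap_effective & (1u << cap)) ? 0 : -EPERM;
}
struct security_ops capability_ops = { .capable = cap_capable };

/* What selinux_plug_init leaves behind: secondary points at dummy. */
static struct security_ops *secondary_ops = &dummy_ops;

/* Only one secondary module may be stacked at a time. */
int selinux_register_security(struct security_ops *ops) {
    if (secondary_ops != &dummy_ops) return -EINVAL;
    secondary_ops = ops;
    return 0;
}
/* Unregistering restores the dummy module, never a NULL pointer. */
int selinux_unregister_security(void) { secondary_ops = &dummy_ops; return 0; }

/* SELinux capable hook: secondary decides first, then MAC policy. */
int selinux_capable(struct task *t, int cap) {
    int rc = secondary_ops->capable(t, cap);
    if (rc) return rc;
    return (t->policy_caps & (1u << cap)) ? 0 : -EPERM;
}
```

Both layers must permit: a denial by the secondary module short-circuits before SELinux policy is consulted, and a grant by the secondary is still subject to policy.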

The dummy and capabilities security modules are easy to stack with SELinux because they do not use the security fields LSM added to the kernel data structures. Stacking the SELinux module with any module that does use these fields will require the definition of a common security object header with a module identifier and a link for chaining multiple security objects on a single security field. This has not yet been a priority.