Smack
The Simplified Mandatory Access Control Kernel (Smack)
provides a Linux kernel based Mandatory Access
Control (MAC) mechanism for protecting processes and data from
inappropriate manipulation. Smack is designed to be as simple as
possible while retaining the flexibility required to meet modern system
security needs.
Smack uses process, file, and network labels, combined with an
easy-to-understand and easy-to-manipulate way of identifying the kinds
of access that should be allowed.
Smack is included in the mainline kernel. It works best with file
systems that support extended attributes.
Features include:
- Kernel based scheme that requires an absolute minimum of
application support and a very small amount of configuration data
- Provides mandatory access controls based on the label
attached to a task
- Datastate access control system - uses a combination of
Linux kernel based access control and event driven file scanning to
implement file content based access control
- Uses extended attributes and provides a set of general
mount options, borrowing techniques used elsewhere
- Provides a pseudo-filesystem smackfs
- Easy administration
Last Updated Tuesday, April 24 2012 @ 02:43 PM EDT