The Linux kernel supports the classical UNIX security policies of mode bits, and a partial implementation of the draft POSIX.1e ``capabilities'' standard, a combination that is in many cases not adequate. The combination of open source code and broad popularity has made Linux a popular target for enhanced security projects. This approach works, in that many powerful security enhancements are available, but because each one ships as its own kernel patch it presents a significant barrier to entry for users who are unable or unwilling to deploy custom kernels.
The Linux Security Modules (LSM) project exists to lower this barrier to entry by providing a standard loadable module interface for security enhancements: a set of hooks at the kernel's access-control decision points through which a registered module can mediate access to kernel objects. We have presented the motivation, design, and implementation of the LSM interface. LSM provides an interface that is rich enough to enable a wide variety of security modules, while imposing minimal disturbance to the Linux source code and minimal performance overhead on the Linux kernel. Several robust security modules are already available for LSM.
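To make the hook-based design concrete, the following is an added example, written for this page and not taken from the LSM patch or the kernel: a user-space C model of the pattern. The names security_ops, register_security, unregister_security and inode_permission echo the kernel interface, but every structure, error code choice and the "no read up" policy module are simplified illustrations and assumptions of this example. It shows the default module that preserves traditional kernel behaviour, a single hook call site placed after the kernel's own DAC check (so a module can only further restrict an access, never grant one DAC refused), and a module registering itself to supply a stricter policy.

```c
#include <errno.h>
#include <stdio.h>

/* Added example: a user-space model of the LSM hook pattern. The names
 * security_ops, register_security and inode_permission echo the kernel
 * interface, but every structure and policy here is a simplified
 * illustration, not kernel code. */

#define CAP_DAC_OVERRIDE 0x1UL
#define MAY_WRITE 2
#define MAY_READ  4

struct task  { int uid; unsigned long caps; int clearance; };
struct inode { int owner_uid; int mode; int label; };  /* mode: owner rw bits */

struct security_operations {
    const char *name;
    int (*inode_permission)(const struct task *t, const struct inode *i, int mask);
};

/* Default "dummy" module: hooks return 0 so the kernel behaves as it did
 * before LSM, with classical DAC as the only policy. */
static int dummy_inode_permission(const struct task *t, const struct inode *i, int mask)
{
    (void)t; (void)i; (void)mask;
    return 0;
}
static struct security_operations dummy_ops = { "dummy", dummy_inode_permission };
static struct security_operations *security_ops = &dummy_ops;

int register_security(struct security_operations *ops)
{
    if (security_ops != &dummy_ops)
        return -EAGAIN;            /* one primary module at a time */
    security_ops = ops;
    return 0;
}

int unregister_security(struct security_operations *ops)
{
    if (security_ops != ops)
        return -EINVAL;            /* only the registered module may unregister */
    security_ops = &dummy_ops;
    return 0;
}

/* The kernel's own DAC check. The hook is consulted only after DAC has
 * allowed the access: a module can further restrict, never grant. */
static int dac_permission(const struct task *t, const struct inode *i, int mask)
{
    if (t->caps & CAP_DAC_OVERRIDE)
        return 0;
    if (t->uid == i->owner_uid && (i->mode & mask) == mask)
        return 0;
    return -EACCES;
}

/* The mediated operation: the hook call site a kernel would place in
 * the VFS permission path. */
int vfs_permission(const struct task *t, const struct inode *i, int mask)
{
    int rc = dac_permission(t, i, mask);
    if (rc)
        return rc;
    return security_ops->inode_permission(t, i, mask);
}

/* A hypothetical module: "no read up". A task may read an inode only
 * if its clearance is at least the inode's label, regardless of DAC. */
static int noreadup_inode_permission(const struct task *t, const struct inode *i, int mask)
{
    if ((mask & MAY_READ) && t->clearance < i->label)
        return -EPERM;
    return 0;
}
struct security_operations noreadup_ops = { "noreadup", noreadup_inode_permission };

/* Constructed sample subjects and objects for the demonstration. */
const struct task root_task   = { 0,    CAP_DAC_OVERRIDE, 0 };
const struct task alice       = { 1000, 0,                1 };
const struct inode alice_file = { 1000, MAY_READ | MAY_WRITE, 0 };
const struct inode secret     = { 1000, MAY_READ | MAY_WRITE, 2 };

int main(void)
{
    printf("dummy: root reads secret -> %d\n", vfs_permission(&root_task, &secret, MAY_READ));
    register_security(&noreadup_ops);
    printf("%s: root reads secret -> %d\n", security_ops->name,
           vfs_permission(&root_task, &secret, MAY_READ));
    printf("%s: alice reads own file -> %d\n", security_ops->name,
           vfs_permission(&alice, &alice_file, MAY_READ));
    unregister_security(&noreadup_ops);
    return 0;
}
```

The point to notice is the ordering at the call site: with the dummy module in place the kernel's decisions are unchanged, and once the "no read up" module is registered even a task holding CAP_DAC_OVERRIDE is refused a read of a higher-labelled inode, while an access DAC already denied never reaches the module at all. The cost of the mechanism when no module is loaded is one indirect call per mediated operation.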
LSM is currently implemented as a patch to the standard Linux kernel. A patch is being maintained for the latest versions of the 2.4 stable series and the 2.5 development series. The goal of the LSM project is for the patch to be adopted into the standard Linux kernel as part of the 2.5 development series, and eventually into most Linux distributions.