The LSM kernel patch modifies the kernel in five primary ways. First, it adds opaque security fields to certain kernel data structures, described in Section 4.1.1. Second, the patch inserts calls to security hook functions at various points within the kernel code, described in Section 4.1.2. Third, the patch adds a generic security system call, described in Section 4.1.3. Fourth, the patch provides functions to allow kernel modules to register and unregister themselves as security modules, described in Section 4.1.4. Finally, the patch moves most of the capabilities logic into an optional security module, described in Section 4.1.5.