Smack (software)
   HOME

TheInfoList



Click Here for Items Related To - Smack (software)
OR:
Smack (software) on:   [Wikipedia]   [Google]   [Amazon]

Smack (full name: Simplified Mandatory Access Control Kernel) is a Linux kernel security module that protects data and process interaction from malicious manipulation using a set of custom
mandatory access control In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system or database constrains the ability of a ''subject'' or ''initiator'' to access or generally perform some sort of operation on a ...
(MAC) rules, with simplicity as its main design goal. It has been officially merged since the Linux 2.6.25 release, it was the main access control mechanism for the
MeeGo MeeGo is a discontinued Linux distribution hosted by the Linux Foundation, using source code from the operating systems Moblin (produced by Intel) and Maemo (produced by Nokia). Primarily targeted at mobile devices and information appliances ...
mobile Operating System. It is also used to sandbox HTML5 web applications in the Tizen architecture, in the commercial Wind River Linux solutions for embedded device development, in
Philips Koninklijke Philips N.V. (), commonly shortened to Philips, is a Dutch multinational conglomerate corporation that was founded in Eindhoven in 1891. Since 1997, it has been mostly headquartered in Amsterdam, though the Benelux headquarters i ...
Digital TV products., and in
Intel Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the developers of the x86 seri ...
's Ostro OS for IoT devices. Since 2016, Smack is required in all
Automotive Grade Linux Automotive Grade Linux (AGL) is an Open-source software, open source project hosted by Linux Foundation, The Linux Foundation that is building an open operating system and framework for automotive applications. AGL was launched in 2012 with foundin ...
(AGL) implementations where it provides in association with other Linux facilities the base for the AGL security framework.


Design

Smack consists of three components: *A kernel module that is implemented as a
Linux Security Module Linux Security Modules (LSM) is a Software framework, framework allowing the Linux kernel to support without bias a variety of computer security models. LSM is licensed under the terms of the GNU General Public License and is a standard part of the ...
. It works best with
file systems In computing, file system or filesystem (often abbreviated to fs) is a method and data structure that the operating system uses to control how data is stored and retrieved. Without a file system, data placed in a storage medium would be one larg ...
that support
extended attributes Extended file attributes are file system features that enable users to associate computer files with metadata not interpreted by the filesystem, whereas regular attributes have a purpose strictly defined by the filesystem (such as permissions or ...
. *A startup script that ensures that device files have the correct Smack attributes and loads the Smack configuration. *A set of patches to the
GNU Core Utilities The GNU Core Utilities or coreutils is a package of GNU software containing implementations for many of the basic tools, such as cat, ls, and rm, which are used on Unix-like operating systems. In September 2002, the ''GNU coreutils'' were ...
package to make it aware of Smack extended file attributes. A set of similar patches to
Busybox BusyBox is a software suite that provides several Unix utilities in a single executable file. It runs in a variety of POSIX environments such as Linux, Android, and FreeBSD, although many of the tools it provides are designed to work with in ...
were also created. SMACK does not require user-space support.


Criticism

Smack has been criticized for being written as a new LSM module instead of an
SELinux Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). SELinux is a set of kernel modifications and user-space ...
security policy which can provide equivalent functionality. Such SELinux policies have been proposed, but none had been demonstrated. Smack's author replied that it would not be practical due to SELinux's complicated configuration syntax and the philosophical difference between Smack and SELinux designs.


References


Further reading

* * * * * * * {{Linux kernel 2008 software Linux kernel features Linux security software