HOME

TheInfoList



Click Here for Items Related To - Smack (software)
OR:
Smack (software) on:   [Wikipedia]   [Google]   [Amazon]

Smack (full name: Simplified Mandatory Access Control Kernel) is a
Linux kernel The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel. It was originally authored in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU ...
security module that protects data and process interaction from malicious manipulation using a set of custom
mandatory access control In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system or database constrains the ability of a ''subject'' or ''initiator'' to access or generally perform some sort of operation on an ...
(MAC) rules, with simplicity as its main design goal. It has been officially merged since the Linux 2.6.25 release, it was the main access control mechanism for the
MeeGo MeeGo is a discontinued Linux distribution hosted by the Linux Foundation, using source code from the operating systems Moblin (produced by Intel) and Maemo (produced by Nokia). Primarily targeted at mobile devices and information appliances ...
mobile Operating System. It is also used to sandbox HTML5 web applications in the
Tizen Tizen () is a Linux-based mobile operating system backed by the Linux Foundation, mainly developed and used primarily by Samsung Electronics. The project was originally conceived as an HTML5-based platform for mobile devices to succeed MeeGo ...
architecture, in the commercial Wind River Linux solutions for embedded device development, in
Philips Koninklijke Philips N.V. (), commonly shortened to Philips, is a Dutch multinational conglomerate corporation that was founded in Eindhoven in 1891. Since 1997, it has been mostly headquartered in Amsterdam, though the Benelux headquarters is ...
Digital TV products., and in
Intel Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California, Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the devel ...
's Ostro OS for IoT devices. Since 2016, Smack is required in all
Automotive Grade Linux Automotive Grade Linux (AGL) is an open source project hosted by The Linux Foundation that is building an open operating system and framework for automotive applications. AGL was launched in 2012 with founding members including Jaguar Land Rover, ...
(AGL) implementations where it provides in association with other Linux facilities the base for the AGL security framework.


Design

Smack consists of three components: *A kernel module that is implemented as a
Linux Security Module Linux Security Modules (LSM) is a framework allowing the Linux kernel to support without bias a variety of computer security models. LSM is licensed under the terms of the GNU General Public License and is a standard part of the Linux kernel sinc ...
. It works best with
file systems In computing, file system or filesystem (often abbreviated to fs) is a method and data structure that the operating system uses to control how data is stored and retrieved. Without a file system, data placed in a storage medium would be one larg ...
that support extended attributes. *A startup script that ensures that device files have the correct Smack attributes and loads the Smack configuration. *A set of patches to the
GNU Core Utilities The GNU Core Utilities or coreutils is a package of GNU software containing implementations for many of the basic tools, such as cat, ls, and rm, which are used on Unix-like operating systems. In September 2002, the ''GNU coreutils'' were cr ...
package to make it aware of Smack extended file attributes. A set of similar patches to
Busybox BusyBox is a software suite that provides several Unix utilities in a single executable file. It runs in a variety of POSIX environments such as Linux, Android, and FreeBSD, although many of the tools it provides are designed to work with int ...
were also created. SMACK does not require user-space support.


Criticism

Smack has been criticized for being written as a new LSM module instead of an
SELinux Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). SELinux is a set of kernel modifications and user-space ...
security policy which can provide equivalent functionality. Such SELinux policies have been proposed, but none had been demonstrated. Smack's author replied that it would not be practical due to SELinux's complicated configuration syntax and the philosophical difference between Smack and SELinux designs.


References


Further reading

* * * * * * * {{Linux kernel 2008 software Linux kernel features Linux security software