Linus Torvalds Agrees to Kernel Lockdown » Linux Magazine
Linus Torvalds has finally agreed to implement a lockdown feature in the Linux kernel. The feature was proposed several years ago but was rejected by Torvalds.
The upcoming release of Linux, version 5.4, will include this feature as a Linux Security Module (LSM). It will have two lockdown modes: “integrity” and “confidentiality.”
Torvalds explained that, “If set to integrity, kernel features that allow userland to modify the running kernel are disabled. If set to confidentiality, kernel features that allow userland to extract confidential information from the kernel are also disabled.”
According to ZDNet, the new feature’s primary function will be to strengthen the divide between userland processes and kernel code; even the root user will have restricted access.
The feature will be disabled by default because it may lead to unexpected behaviors. Many Linux distributions, including Ubuntu and Red Hat, have already implemented their own lockdown features using additional modules.
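
A check for which of the two modes is active on a given host, as an added example that is not part of the original article. It assumes the upstream kernel's securityfs file /sys/kernel/security/lockdown, which lists the modes and brackets the active one; the function names and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which kernel lockdown mode is active.
# Assumption: the upstream securityfs file below; override for testing.
LOCKDOWN_FILE="${LOCKDOWN_FILE:-/sys/kernel/security/lockdown}"

# active_lockdown_mode "<file contents>"
# The file lists every mode and brackets the active one,
# e.g. "none [integrity] confidentiality". Prints the bracketed mode.
active_lockdown_mode() {
    case "$1" in
        *\[*\]*) ;;
        *) return 1 ;;               # no bracketed entry: unexpected format
    esac
    mode="${1#*\[}"                  # drop everything up to and including '['
    mode="${mode%%\]*}"              # drop ']' and everything after it
    case "$mode" in
        none|integrity|confidentiality) printf '%s\n' "$mode" ;;
        *) return 1 ;;               # bracketed, but not a known mode
    esac
}

# describe_lockdown_mode <mode>: restrictions as the article states them.
describe_lockdown_mode() {
    case "$1" in
        none) echo "lockdown disabled (the default)" ;;
        integrity) echo "userland cannot modify the running kernel" ;;
        confidentiality)
            echo "userland cannot modify the running kernel or extract confidential information from it" ;;
        *) echo "unknown mode"; return 1 ;;
    esac
}

# report_lockdown: status 0 = mode reported, 1 = parse error, 2 = no lockdown file.
report_lockdown() {
    if [ ! -r "$LOCKDOWN_FILE" ]; then
        echo "no readable $LOCKDOWN_FILE (pre-5.4 kernel, LSM not built, or securityfs not mounted)"
        return 2
    fi
    mode=$(active_lockdown_mode "$(cat "$LOCKDOWN_FILE")") || {
        echo "unexpected format in $LOCKDOWN_FILE"
        return 1
    }
    echo "lockdown=$mode: $(describe_lockdown_mode "$mode")"
}

# Constructed sample of the file's contents, for exercising the parser offline.
SAMPLE_LOCKDOWN='none [integrity] confidentiality'
active_lockdown_mode "$SAMPLE_LOCKDOWN"
report_lockdown || true
```

A status of 2 from report_lockdown separates hosts where the LSM is absent from hosts where it is present but set to none, which matters when auditing a fleet against a baseline.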