/timgad

Timgad is a Linux Security Module that collects per process and system-wide security protections that are not handled by the core kernel itself.

Primary LanguageCGNU General Public License v2.0GPL-2.0

Timgad

Timgad is a Linux Security Module that collects per process and system-wide security protections that are not handled by the core kernel itself.

This is selectable at build-time with CONFIG_SECURITY_TIMGAD, and can be controlled at run-time through sysctls in /proc/sys/kernel/timgad: or prctl() interface.

Link: http://www.openwall.com/lists/kernel-hardening/2017/02/02/21

  • module_restrict

==============================================================

Linux containers need robust settings to control if modules are allowed to be loaded or unloaded globally or per process/container policy.

This adds global sysctl settings to indicate if the modules are allowed to be loaded or unloaded, at same time it also supports a per-process/container settings based on prctl(2) interface. The prctl(2) settings are inherited by children created by fork(2) and clone(2), and preserved across execve(2).

*) The per-process prctl() settings are: prctl(PR_TIMGAD_OPTS, PR_TIGMAD_SET_MOD_RESTRICT, value, 0, 0)

Where value means:

0 - Classic module load and unload permissions, nothing changes.

1 - The current process must have CAP_SYS_MODULE to be able to load and unload modules. CAP_NET_ADMIN should allow the current process to load and unload only netdev aliased modules.

2 - Current process can not loaded nor unloaded modules.

*) The sysctl settings (writable only with CAP_SYS_MODULE) are: /proc/sys/kernel/timgad/module_restrict

0 - Classic module load and unload permissions, nothing changes.

1 - Only processes with CAP_SYS_MODULE should be able to load and unload modules. Processes with CAP_NET_ADMIN should be able to load and unload only netdev aliased modules.

2 - Modules can not be loaded nor unloaded. Once set, this sysctl value cannot be changed.

Rules: First the prctl() settings are checked, if the access is not denied then the global sysctl settings are checked.

The original idea and inspiration is from grsecurity 'GRKERNSEC_MODHARDEN'

==============================================================