Col Kitten is overexcited about his new responsibilities
COMPANY! STAND BY YOUR BEDS! WE ARE IN LOCKDOWN!
I repeat WE ARE IN LOCKDOWN!
I, Colonel Kitten, your leader and defender of the Linux kernel bring you grave news.
WE ARE IN LOCKDOWN!
A new feature is being added to the kernel. Details are sketchy, but all soldiers are reminded to be vigilant. Here is the information received from Commander Torvalds who has personally overseen this change.
Civilians will see the lockdown (WE ARE IN LOCKDOWN) as a new module called Linux Security Module or LSM.
WE WILL PROTECT THE LSM!
Although the LSM only serves to formalise a process that has been naturally built into most Linux distros all along. Documents from the kernel dossier explain: “The majority of mainstream distributions have been carrying variants of this patchset for many years now, so there’s value in providing a doesn’t meet every distribution requirement, but gets us much closer to not requiring external patches.”
As your puny cannon-foddered brains will not be able to understand the words of our Commander, I shall explain. The LSM means that, when activated, user code cannot interact to make changes to the kernel.
In addition, there is a confidential mode which also stops a user from extracting confidential data from the kernel code.
PROTECT THE KERNEL!
The LSM will appear in the next version of the kernel – version 5.4 which is currently open for commits.
In the first instance, it will be turned off by default, as even the great Commander himself can’t guarantee that retroactively enabling it on an existing system won’t just plain bork it.
This is one of the biggest commitments to security in Linux for some time, and when activated will even block access to root users.
RIGHT! THAT IS YOUR BRIEFING! AS YOU WERE!
Of course… straight back to bed. Slobs. Call themselves soldiers? µ
>> Source Link