[Main text]
tion, but also provides many other inode hooks for fine-grained access control over individual inode operations. Some of the file hooks allow a security module to perform additional checks on file operations such as () and write(). Hooks are provided that allow a security module to initialize security information and perform access control before a program is loaded. Hooks are also provided to control operations of the current process, such as the privileged operation setuid().

Or you can even write a security module that suits your own needs directly. The interface that Linux Security Modules (LSM) provides is a set of hooks. Initially they point to dummy functions that implement the default, traditional UNIX superuser mechanism; module writers have to implement these hook functions to enforce their own security policy. Below is a brief description of the hooks LSM provides; for details, refer to the source code, especially the definition of the security_operations structure in the include/linux/security.h header file. As for how to write a security module for the security policy you need, you can refer to the security module implementations of systems such as SELinux, DTE and LIDS.

First are the task hooks. LSM provides a series of task hooks that let a security module manage the security information of processes and control the operations of processes. A module can use the security field of the task_struct structure to maintain process security information.

...t be overwritten by a later call to register_security() until this security module is removed from the framework with unregister_security(): this simply replaces the hook functions with the defaults, and the system falls back to the UNIX superuser mechanism.
Binzhou University Graduation Project (Specialized Foreign-Language Translation)

In addition, the LSM framework also provides the functions mod_reg_security() and mod_unreg_security(), so that subsequent security modules can register with, or unregister from, the primary module that was registered first. The policy, however, is implemented by the primary module, which decides: either provide some policy to implement module stacking and so support composing module functionality, or simply return an error value to ignore subsequent security modules. These functions are provided in the kernel source file security/security.c.

The Linux kernel now supports a subset of POSIX.1e capabilities. One requirement of the LSM design is to move this functionality into an optional security module. POSIX.1e capabilities provide the ability to divide the traditional superuser privileges and assign them to specific processes. LSM retains the existing interface used to perform capability checks in the kernel, but simplifies the () function into a wrapper around an LSM hook function, thereby allowing any required logic to be implemented in the security module. LSM still keeps the process capability set (a simple bit vector) in the task_struct structure, and didn't

And for the opposite, permissive kind of access control decision, it provides only a small amount of support. For composing module functionality, LSM allows module stacking, but pushes the main work onto the modules themselves: the module loaded first makes the final decision on how module functionality is composed. All of these design decisions may temporarily limit the functionality and flexibility of LSM, but they greatly reduce the complexity of implementing LSM and reduce the modification of, and impact on, the Linux kernel, which greatly improves its chances of being accepted into the Linux kernel as the standard security mechanism. Meanwhile, those who need it can still get useful and efficient functionality.
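The registration behaviour described above, modelled in user space as an added example (not kernel code and not part of the original article): the default hook table applies the superuser rule, register_security() installs one primary module, unregister_security() restores the default, and mod_reg_security() leaves stacking to the primary. The struct layout, the task_setuid hook signature, the error codes and both policy modules are assumptions made for the illustration.

```c
/* User-space model of LSM registration and stacking; not kernel code. */
#include <errno.h>
#include <stdio.h>
struct task { int euid; };                 /* stand-in for task_struct */
struct sec_ops {                           /* stand-in for security_operations */
    int (*task_setuid)(const struct task *t, int new_uid);
    int (*stack)(struct sec_ops *later);   /* primary's stacking policy, or NULL */
};
/* Default hook, superuser rule: only euid 0 may switch to a different uid. */
static int dummy_setuid(const struct task *t, int new_uid) {
    return (t->euid == 0 || new_uid == t->euid) ? 0 : -EPERM;
}
static struct sec_ops dummy_ops = { dummy_setuid, NULL };
static struct sec_ops *security_ops = &dummy_ops;
int register_security(struct sec_ops *ops) {
    if (!ops || !ops->task_setuid) return -EINVAL;
    if (security_ops != &dummy_ops) return -EAGAIN;  /* a primary is loaded */
    security_ops = ops;
    return 0;
}
int unregister_security(struct sec_ops *ops) {
    if (ops != security_ops || ops == &dummy_ops) return -EINVAL;
    security_ops = &dummy_ops;             /* back to the superuser default */
    return 0;
}
int mod_reg_security(struct sec_ops *ops) { /* the primary module decides */
    return (ops && security_ops->stack) ? security_ops->stack(ops) : -EINVAL;
}
int security_task_setuid(const struct task *t, int new_uid) {
    return security_ops->task_setuid(t, new_uid);
}
/* Assumed primary: root may only drop to uids >= 1000; accepts one stacked module. */
static struct sec_ops *stacked;
static int strict_setuid(const struct task *t, int new_uid) {
    if (t->euid != 0 || new_uid < 1000) return -EPERM;
    return stacked ? stacked->task_setuid(t, new_uid) : 0;
}
static int strict_stack(struct sec_ops *later) { stacked = later; return 0; }
struct sec_ops strict_ops = { strict_setuid, strict_stack };
/* Assumed secondary: additionally refuses switching to uid 1001. */
static int deny1001_setuid(const struct task *t, int new_uid) {
    return (new_uid == 1001 && t->euid != 1001) ? -EPERM : 0;
}
struct sec_ops deny1001_ops = { deny1001_setuid, NULL };
int main(void) {                           /* root tries setuid(1) under strict_ops */
    struct task root = { 0 };
    register_security(&strict_ops);
    printf("strict: %d\n", security_task_setuid(&root, 1));
    return unregister_security(&strict_ops);
}
```

The default table has no stacking policy, so mod_reg_security() fails until a primary module that implements one has been registered.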
The kernel developers, represented by Linus Torvalds, set out three requirements for LSM: it must be truly generic, so that using a different security model only requires loading a different kernel module; it must be conceptually simple, efficient, and have minimal impact on the Linux kernel; and it must be able to support the existing POSIX.1e capabilities logic as an optional security module. On the other hand, what the various Linux security enhancement systems require of LSM is that it allow them to implement their security functions in the form of loadable kernel modules, without an apparent loss in security and without extra system overhead.

In order to satisfy these design goals, LSM places hooks in the kernel code to mediate access to kernel internal objects such as tasks, inodes and open files. When a user process executes a system call, it first passes through the Linux kernel's original logic to find and allocate resources, perform error checking, and pass the classic UNIX discretionary access control. Just before the Linux kernel tries to access the internal object, an LSM hook calls a function that the security module must provide, asking the security module: should this access be allowed? The security module makes a decision according to its security policy and answers: allow, or deny and return an error.

On the other hand, in order to satisfy the needs of most existing Linux security enhancement systems, LSM took a simplifying design decision. LSM currently mainly supports the core function of most existing security enhancement systems: access control.

If you do not have it, you can read the three articles on IBM dW listed in the reference material at the end of this article.

1. Related background introduction: why and what

In recent years the Linux system, thanks to its excellent performance and stability, the flexibility and extensibility that come from being open source, and its low cost, has received wide attention and use in the computer industry. But in terms of security, the Linux kernel provide