Smack (software)


Smack is a Linux kernel security module that protects data and process interaction from malicious manipulation using a set of custom mandatory access control rules, with simplicity as its main design goal. It has been officially merged since the Linux 2.6.25 release, it was the main access control mechanism for the MeeGo mobile Operating System. It is also used to sandbox HTML5 web applications in the Tizen architecture, in the commercial Wind River Linux solutions for embedded device development, in Philips Digital TV products., and in Intel's Ostro OS for IoT devices.
Since 2016, Smack is required in all Automotive Grade Linux implementations where it provides in association with other Linux facilities the base for the AGL security framework.

Design

Smack consists of three components:
Smack has been criticized for being written as a new LSM module instead of an SELinux security policy which can provide equivalent functionality. Such SELinux policies have been proposed, but none had been demonstrated. Smack's author replied that it would not be practical due to SELinux's complicated configuration syntax and the philosophical difference between Smack and SELinux designs.