LSM is a #202204081225 framework that allows modules mediates the access to internal objects in the Kernel. To do so, they place hooks in the kernel code just before the access happen. They will impose several checks against access to see whether the request is valid and legal. LSM provides MAC-based controls without modifying the kernel.
The modules that could be used in LSM are:
- SELinux
- AppArmor