LSM (Loadable Security Module) is a very simple but effective intrusion prevention
loadable kernel module. Current functionality involves protecting extended file attributes
on ext2 from being modified by the super user and the module from being removed and
other modules from being loaded. The basic protection also prevents access to raw
devices, so debugfs can not be used on a disk partition nor can a change to the boot
process occur. You will not be able to reconfigure lilo, if the module gets activated.
