architecture and subsystems

• Architecture specific code: Architecture specific source code for the Linux Kernel.
• device drivers: Linux device drivers can be found in the following source folders : /block (block devices), /drivers (most drivers: video, network,...), /sound (audio cards)
• file systems: This includes all the file systems supported by the Linux Kernel, and the VFS (virtual file system) which provides a common interface abstraction for all the file systems.
• Kernel code and process management: Manages processes, threads, scheduling, stacks, signalling, time...
• memory management: Memory management for physical and virtual memory
• network stack: Networking code (IPv4 and IPv6 networking stacks, BSD socket, routing, filtering, etc)
• system call interface: The system call interface is the set of functions exposed by the kernel to the user space.

linux components

• Linux kernel modules: Loadable Kernel modules can be loaded and unloaded into the kernel on demand. Most device drivers can be used as kernel modules.
• vmlinux: Linux kernel in a statically linked executable file format.

linux security modules

• apparmor: The apparmor Linux Security Module controls the access rights of applications (file access, network access, etc), based on MAC security (Mandatory Access Control, administrator policy)
• loadpin: The loadpin Linux Security Module ensures that all kernel modules are loaded from the same filesystem
• linux security module (LSM) framework: The LSM framework allows the Linux kernel to support a variety of computer security models, by using security extensions.
• Security Enhanced Linux (selinux): The selinux Security Module provides access control security policies based on MAC (mandatory access control)
• Simplified Mandatory Access Control Kernel (Smack): Smack is a kernel based implementation of mandatory access control that includes simplicity in its primary design goals.
• tomoyo: TOMOYO is a Mandatory Access Control (MAC) implementation for Linux.
• yama

security

• Extended Verification Module (EVM): EVM protects a file's security extended attributes against integrity attacks.
• Integrity Measurement Architecture (IMA): IMA maintains hash values for sensitive files. If used, the TPM (Trusted Platform Module) stores an aggregate integrity value over this set.
• Linux integrity subsystem: Detects files that have been altered
• Linux key retention service: This services caches authentication tokens and access keys in the kernel for the use by kernel services.

other

• Linux Application Binary Interface (ABI): Linux ABI defines how data structures or routines are accessed in machine code: it is an architecture/hardware dependent format.
• Berkeley Packet Filter (BPF): BPF allows a user-space program to attach a filter onto any socket and allow or disallow certain types of data to come through the socket. For example, a tcpdump process may want to receive only packets that initiate a TCP connection.
• Executable and Linking Format (ELF): Common standard file format for executable files, object code, shared libraries, and core dumps.