TOMOYO Linux Cross Reference
Linux/Documentation/netlabel/lsm_interface.rst


Differences between /Documentation/netlabel/lsm_interface.rst (Architecture ppc) and /Documentation/netlabel/lsm_interface.rst (Architecture i386): the two copies are identical.

========================================
NetLabel Linux Security Module Interface
========================================

Paul Moore, paul.moore@hp.com

May 17, 2006

Overview
========

NetLabel is a mechanism which can set and retrieve security attributes from
network packets.  It is intended to be used by LSM developers who want to make
use of a common code base for several different packet labeling protocols.
The NetLabel security module API is defined in 'include/net/netlabel.h' but a
brief overview is given below.

NetLabel Security Attributes
============================

Since NetLabel supports multiple different packet labeling protocols and LSMs,
it uses the concept of security attributes to refer to the packet's security
labels.  The NetLabel security attributes are defined by the
'netlbl_lsm_secattr' structure in the NetLabel header file.  Internally the
NetLabel subsystem converts the security attributes to and from the correct
low-level packet label depending on the NetLabel build time and run time
configuration.  It is up to the LSM developer to translate the NetLabel
security attributes into whatever security identifiers are in use for their
particular LSM.

NetLabel LSM Protocol Operations
================================

These are the functions which allow the LSM developer to manipulate the labels
on outgoing packets as well as read the labels on incoming packets.  Functions
exist to operate both on sockets as well as the sk_buffs directly.  These high
level functions are translated into low level protocol operations based on how
the administrator has configured the NetLabel subsystem.

NetLabel Label Mapping Cache Operations
=======================================

Depending on the exact configuration, translation between the network packet
label and the internal LSM security identifier can be time consuming.  The
NetLabel label mapping cache is a caching mechanism which can be used to
sidestep much of this overhead once a mapping has been established.  Once the
LSM has received a packet, used NetLabel to decode its security attributes,
and translated the security attributes into an LSM internal identifier, the LSM
can use the NetLabel caching functions to associate the LSM internal
identifier with the network packet's label.  This means that in the future,
when an incoming packet matches a cached value, not only are the internal
NetLabel translation mechanisms bypassed but the LSM translation mechanisms are
bypassed as well, which should result in a significant reduction in overhead.

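The incoming-packet path described in the protocol operations and cache sections above, as an added example that is not part of the kernel documentation or of the NetLabel code: a user-space C model in which a packet's network label is translated into an LSM internal identifier once, the (label, identifier) pair is cached keyed on the full label, and later packets carrying the same label are served from the cache with no translation at all. The `struct pkt_label` fields, the arithmetic in `lsm_translate`, the direct-mapped cache and every function name here are assumptions made for the example; the real interface is the one declared in include/net/netlabel.h.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of a packet's network label, i.e. the kind of information
 * NetLabel decodes into a netlbl_lsm_secattr for the LSM: a CIPSO-style DOI,
 * an MLS level and a 64-bit MLS category bitmap.  The field set is an
 * assumption made for this example, not the kernel structure.
 */
struct pkt_label {
	uint32_t doi;
	uint32_t mls_lvl;
	uint64_t mls_cat;
};

#define CACHE_SLOTS 16

/* Direct-mapped label -> LSM internal identifier cache, standing in for the
 * NetLabel label mapping cache. */
struct cache_entry {
	bool valid;
	struct pkt_label label;
	uint32_t secid;
};

static struct cache_entry label_cache[CACHE_SLOTS];
static unsigned long translate_calls;	/* how often the slow path ran */

static bool label_eq(const struct pkt_label *a, const struct pkt_label *b)
{
	return a->doi == b->doi && a->mls_lvl == b->mls_lvl &&
	       a->mls_cat == b->mls_cat;
}

static size_t cache_slot(const struct pkt_label *l)
{
	return (l->doi ^ l->mls_lvl ^ (uint32_t)l->mls_cat) % CACHE_SLOTS;
}

/*
 * Slow path: the LSM's own translation of the decoded security attributes
 * into its internal identifier.  The arithmetic is a constructed stand-in so
 * the result is predictable; a real LSM would consult its policy here.
 */
static uint32_t lsm_translate(const struct pkt_label *l)
{
	translate_calls++;
	return 1000u + l->doi * 100u + l->mls_lvl * 10u +
	       (uint32_t)(l->mls_cat & 0xf);
}

/* Incoming packet path: consult the cache first; translate and cache on a miss. */
uint32_t secid_for_packet(const struct pkt_label *l)
{
	struct cache_entry *e = &label_cache[cache_slot(l)];

	if (e->valid && label_eq(&e->label, l))
		return e->secid;	/* hit: decode and LSM translation both bypassed */

	uint32_t secid = lsm_translate(l);

	/* Analogue of handing the (label, identifier) pair to the cache. */
	e->valid = true;
	e->label = *l;
	e->secid = secid;
	return secid;
}

/* Drop every cached mapping.  Required whenever the label configuration
 * changes: a stale entry would keep returning the old identifier, and no
 * translation step would ever run again to notice. */
void cache_invalidate(void)
{
	memset(label_cache, 0, sizeof(label_cache));
}

unsigned long translate_count(void)
{
	return translate_calls;
}

static void show(const char *name, const struct pkt_label *l)
{
	uint32_t secid = secid_for_packet(l);

	printf("%s -> secid %u (translations so far: %lu)\n",
	       name, secid, translate_count());
}

int main(void)
{
	/* Constructed sample labels: same DOI and level, different categories. */
	struct pkt_label a = { .doi = 3, .mls_lvl = 2, .mls_cat = 0x5 };
	struct pkt_label b = { .doi = 3, .mls_lvl = 2, .mls_cat = 0x6 };

	cache_invalidate();
	show("a", &a);		/* miss: translation runs */
	show("a", &a);		/* hit: served from the cache */
	show("b", &b);		/* miss: a different label, even with equal DOI/level */
	cache_invalidate();
	show("a", &a);		/* miss again after the flush */
	return 0;
}
```

The counter shows that only the first sighting of each distinct label runs the translation. Two details matter for correctness: the cache is keyed on the whole packet label rather than on the derived identifier, so labels that differ only in categories never share an entry, and the cache has to be flushed when the administrator changes the label configuration, because once an entry is cached nothing downstream re-checks it.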