========================================
NetLabel Linux Security Module Interface
========================================

Paul Moore, paul.moore@hp.com

May 17, 2006

Overview
========

NetLabel is a mechanism which can set and retr
network packets. It is intended to be used by
use of a common code base for several differen
The NetLabel security module API is defined in
brief overview is given below.

NetLabel Security Attributes
============================

Since NetLabel supports multiple different pac
it uses the concept of security attributes to
labels. The NetLabel security attributes are
'netlbl_lsm_secattr' structure in the NetLabel
NetLabel subsystem converts the security attri
low-level packet label depending on the NetLab
configuration. It is up to the LSM developer
security attributes into whatever security ide
particular LSM.

NetLabel LSM Protocol Operations
================================

These are the functions which allow the LSM de
on outgoing packets as well as read the labels
exist to operate both on sockets as well as th
level functions are translated into low level
the administrator has configured the NetLabel

NetLabel Label Mapping Cache Operations
=======================================

Depending on the exact configuration, translat
label and the internal LSM security identifier
NetLabel label mapping cache is a caching mech
sidestep much of this overhead once a mapping
LSM has received a packet, used NetLabel to de
and translated the security attributes into a
can use the NetLabel caching functions to asso
identifier with the network packet's label. T
when an incoming packet matches a cached value
NetLabel translation mechanisms bypassed but t
bypassed as well which should result in a sign
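
The caching idea from the last section, modeled in userspace C as an added example (it is not kernel code and not part of the original document). The 5-byte label layout, the toy identifier mapping, every function name, and the flush on policy change are assumptions made for illustration.

```c
/* Userspace model of a label mapping cache; added example, not kernel code.
 * Every name and the 5-byte label layout are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 8
#define LABEL_MAX 16
struct secattr { uint8_t level; uint32_t cats; };  /* protocol-neutral attributes */
struct entry { uint8_t label[LABEL_MAX]; size_t len; uint32_t secid; int used; };

static struct entry cache[SLOTS];
static unsigned full_translations;  /* times the slow path ran */
/* Constructed sample labels: [level][category bitmap, big endian] */
static const uint8_t LABEL_A[5] = {3, 0, 0, 0, 0x05};
static const uint8_t LABEL_B[5] = {1, 0, 0, 0, 0x00};

/* Slow step 1: wire label -> security attributes. */
static int label_to_secattr(const uint8_t *l, size_t len, struct secattr *a) {
    if (len != 5) return -1;
    a->level = l[0];
    a->cats = ((uint32_t)l[1] << 24) | ((uint32_t)l[2] << 16) | ((uint32_t)l[3] << 8) | l[4];
    return 0;
}
/* Slow step 2: attributes -> LSM-internal identifier (toy mapping, never 0). */
static uint32_t secattr_to_secid(const struct secattr *a) {
    return 0x01000000u | ((uint32_t)a->level << 16) | (a->cats & 0xffffu);
}
static size_t slot_for(const uint8_t *l, size_t len) {
    uint32_t h = 2166136261u;  /* FNV-1a */
    for (size_t i = 0; i < len; i++) { h ^= l[i]; h *= 16777619u; }
    return h % SLOTS;
}
/* Drop all mappings, e.g. after the LSM's policy changes (assumed trigger). */
void cache_flush(void) { memset(cache, 0, sizeof(cache)); }

/* Returns the identifier for a packet label, or 0 if the label is malformed. */
uint32_t packet_secid(const uint8_t *l, size_t len) {
    if (len == 0 || len > LABEL_MAX) return 0;
    struct entry *e = &cache[slot_for(l, len)];
    /* Hit only on a byte-exact match, so a hash collision cannot alias labels. */
    if (e->used && e->len == len && memcmp(e->label, l, len) == 0) return e->secid;
    struct secattr a;
    if (label_to_secattr(l, len, &a) != 0) return 0;  /* invalid labels are never cached */
    full_translations++;
    e->secid = secattr_to_secid(&a);
    memcpy(e->label, l, len); e->len = len; e->used = 1;
    return e->secid;
}
int main(void) {
    packet_secid(LABEL_A, 5); packet_secid(LABEL_A, 5); packet_secid(LABEL_B, 5);
    printf("3 lookups, %u full translations\n", full_translations);
    return 0;
}
```

A cached mapping is only as current as the policy that produced it, which is why the model flushes rather than updating entries in place.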