TOMOYO Linux Cross Reference
Linux/Documentation/netlabel/introduction.rst

=====================
NetLabel Introduction
=====================

Paul Moore, paul.moore@hp.com

August 2, 2006

Overview
========

NetLabel is a mechanism which can be used by kernel security modules to attach
security attributes to outgoing network packets generated from user space
applications and read security attributes from incoming network packets.  It
is composed of three main components: the protocol engines, the communication
layer, and the kernel security module API.

Protocol Engines
================

The protocol engines are responsible for both applying and retrieving the
network packet's security attributes.  If any translation between the network
security attributes and those on the host is required, then the protocol
engine will handle those tasks as well.  Other kernel subsystems should
refrain from calling the protocol engines directly; instead, they should use
the NetLabel kernel security module API described below.

Detailed information about each NetLabel protocol engine can be found in this
directory.

Communication Layer
===================

The communication layer exists to allow NetLabel configuration and monitoring
from user space.  The NetLabel communication layer uses a message based
protocol built on top of the Generic NETLINK transport mechanism.  The exact
formatting of these NetLabel messages as well as the Generic NETLINK family
names can be found in the 'net/netlabel/' directory as comments in the
header files as well as in 'include/net/netlabel.h'.
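
The following is an added example, not code from the kernel tree or from this document's author.  It builds the Generic NETLINK controller request a user space tool would send to resolve a NetLabel family name to its numeric family id before exchanging NetLabel messages.  The helper name nlbl_build_getfamily is hypothetical, and the family name "NLBL_MGMT" is taken from 'include/net/netlabel.h' rather than from this page.

```c
/* Added example, not kernel or netlabel_tools code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/genetlink.h>

/* NetLabel management family name, as defined in include/net/netlabel.h. */
#define NLBL_MGMT_FAMILY "NLBL_MGMT"

/* Hypothetical helper: fill buf with a CTRL_CMD_GETFAMILY request for
 * `family`. Returns the message length, or 0 if the name exceeds
 * GENL_NAMSIZ or buf is too small. */
size_t nlbl_build_getfamily(void *buf, size_t buflen, const char *family,
                            uint32_t seq, uint32_t portid)
{
    size_t namelen = strlen(family) + 1;      /* attribute carries the NUL */
    size_t total = NLMSG_LENGTH(GENL_HDRLEN) + NLA_ALIGN(NLA_HDRLEN + namelen);

    if (namelen > (size_t)GENL_NAMSIZ || buflen < total)
        return 0;
    memset(buf, 0, total);                    /* zero header padding too */

    struct nlmsghdr *nlh = buf;
    nlh->nlmsg_len = (uint32_t)total;
    nlh->nlmsg_type = GENL_ID_CTRL;           /* generic netlink controller */
    nlh->nlmsg_flags = NLM_F_REQUEST;
    nlh->nlmsg_seq = seq;
    nlh->nlmsg_pid = portid;

    struct genlmsghdr *gh = NLMSG_DATA(nlh);
    gh->cmd = CTRL_CMD_GETFAMILY;
    gh->version = 1;

    struct nlattr *na = (struct nlattr *)((char *)gh + GENL_HDRLEN);
    na->nla_type = CTRL_ATTR_FAMILY_NAME;
    na->nla_len = (uint16_t)(NLA_HDRLEN + namelen);  /* unpadded length */
    memcpy((char *)na + NLA_HDRLEN, family, namelen);
    return total;
}

int main(void)
{
    uint32_t buf[16];                         /* 4-byte aligned, 64 bytes */
    size_t n = nlbl_build_getfamily(buf, sizeof(buf), NLBL_MGMT_FAMILY, 1, 0);
    printf("request length: %zu bytes\n", n);
    return n ? 0 : 1;
}
```

The buffer would be written to an AF_NETLINK socket opened with NETLINK_GENERIC; the controller's reply carries the family id in a CTRL_ATTR_FAMILY_ID attribute, which then goes in nlmsg_type of subsequent NetLabel requests.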

Security Module API
===================

The purpose of the NetLabel security module API is to provide a protocol
independent interface to the underlying NetLabel protocol engines.  In addition
to protocol independence, the security module API is designed to be completely
LSM independent, which should allow multiple LSMs to leverage the same code
base.

Detailed information about the NetLabel security module API can be found in the
'include/net/netlabel.h' header file as well as the 'lsm_interface.txt' file
found in this directory.
