Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 29a395eac4c320c570e73f0a90d8953d80da8359
commit29a395eac4c320c570e73f0a90d8953d80da8359[log] [tgz]
authorJames Morris <jmorris@namei.org>Fri Jun 09 00:27:28 2006 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>Sat Jun 17 21:29:53 2006 -0700
tree9d34d7987754004e76de76d3f9facbee804779b7
parent3e3ff15e6d8ba931fa9a6c7f9fe711edc77e96e5 [diff]
[SECMARK]: Add new flask definitions to SELinux

Secmark implements a new scheme for adding security markings to
packets via iptables, as well as changes to SELinux to use these
markings for security policy enforcement.  The rationale for this
scheme is explained and discussed in detail in the original threads:

 http://thread.gmane.org/gmane.linux.network/34927/
 http://thread.gmane.org/gmane.linux.network/35244/

Examples of policy and rulesets, as well as a full archive of patches
for iptables and SELinux userland, may be found at:

http://people.redhat.com/jmorris/selinux/secmark/

The code has been tested with various compilation options and in
several scenarios, including with 'complicated' protocols such as FTP
and also with the new generic conntrack code with IPv6 connection
tracking.

This patch:

Add support for a new object class ('packet'), and associated
permissions ('send', 'recv', 'relabelto').  These are used to enforce
security policy for network packets labeled with SECMARK, and for
adding labeling rules.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
4 files changed
tree: 9d34d7987754004e76de76d3f9facbee804779b7
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. fs/
  7. include/
  8. init/
  9. ipc/
  10. kernel/
  11. lib/
  12. mm/
  13. net/
  14. scripts/
  15. security/
  16. sound/
  17. usr/
  18. .gitignore
  19. COPYING
  20. CREDITS
  21. Kbuild
  22. MAINTAINERS
  23. Makefile
  24. README
  25. REPORTING-BUGS