NetLabel Introduction
==============================================================================
Paul Moore, paul.moore@hp.com

August 2, 2006

 * Overview

NetLabel is a mechanism which can be used by kernel security modules to attach
security attributes to outgoing network packets generated from user space
applications and read security attributes from incoming network packets.  It
is composed of three main components: the protocol engines, the communication
layer, and the kernel security module API.

 * Protocol Engines

The protocol engines are responsible for both applying and retrieving the
network packet's security attributes.  If any translation between the network
security attributes and those on the host is required then the protocol
engine will handle those tasks as well.  Other kernel subsystems should
refrain from calling the protocol engines directly; instead they should use
the NetLabel kernel security module API described below.

Detailed information about each NetLabel protocol engine can be found in this
directory; consult '00-INDEX' for filenames.

 * Communication Layer

The communication layer exists to allow NetLabel configuration and monitoring
from user space.  The NetLabel communication layer uses a message-based
protocol built on top of the Generic NETLINK transport mechanism.  The exact
formatting of these NetLabel messages as well as the Generic NETLINK family
names can be found in the 'net/netlabel/' directory as comments in the
header files as well as in 'include/net/netlabel.h'.
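
Added example (not part of the original document or the kernel tree): before
user space can send any NetLabel message it must ask the Generic NETLINK
controller for the numeric ID of a NetLabel family, and the sketch below builds
that request and parses the reply defensively.  It assumes the management
family name "NLBL_MGMT" from 'net/netlabel/netlabel_mgmt.h'; the reply bytes
and the family ID 21 are constructed for illustration.

```python
import struct

# Constants from the kernel uapi headers linux/netlink.h and linux/genetlink.h.
NLM_F_REQUEST = 0x01
GENL_ID_CTRL = 0x10        # fixed ID of the Generic NETLINK controller family
CTRL_CMD_NEWFAMILY, CTRL_CMD_GETFAMILY = 1, 3
CTRL_ATTR_FAMILY_ID, CTRL_ATTR_FAMILY_NAME = 1, 2
NLMSG_HDR = struct.Struct("=IHHII")  # len, type, flags, seq, pid (host order)
GENL_HDR = struct.Struct("=BBH")     # cmd, version, reserved
NLA_HDR = struct.Struct("=HH")       # len (header + payload, unpadded), type
MIN_LEN = NLMSG_HDR.size + GENL_HDR.size

def nla(attr_type, payload):
    """Encode one netlink attribute, padded to a 4-byte boundary."""
    length = NLA_HDR.size + len(payload)
    return NLA_HDR.pack(length, attr_type) + payload + b"\0" * (-length % 4)

def build_msg(cmd, flags, attrs, seq=1):
    """Wrap a genetlink header and attributes in a netlink message header."""
    body = GENL_HDR.pack(cmd, 1, 0) + attrs
    return NLMSG_HDR.pack(NLMSG_HDR.size + len(body), GENL_ID_CTRL, flags, seq, 0) + body

def build_getfamily(name, seq=1):
    """Request asking the controller for the numeric ID of a named family."""
    attrs = nla(CTRL_ATTR_FAMILY_NAME, name.encode() + b"\0")
    return build_msg(CTRL_CMD_GETFAMILY, NLM_F_REQUEST, attrs, seq)

def parse_family_id(msg):
    """Return the family ID from a CTRL_CMD_NEWFAMILY reply, else None."""
    if len(msg) < MIN_LEN:
        return None
    length, mtype, _flags, _seq, _pid = NLMSG_HDR.unpack_from(msg)
    cmd = GENL_HDR.unpack_from(msg, NLMSG_HDR.size)[0]
    if mtype != GENL_ID_CTRL or cmd != CTRL_CMD_NEWFAMILY or not MIN_LEN <= length <= len(msg):
        return None  # NLMSG_ERROR, wrong command, or truncated message
    off = MIN_LEN
    while off + NLA_HDR.size <= length:
        alen, atype = NLA_HDR.unpack_from(msg, off)
        if alen < NLA_HDR.size or off + alen > length:
            return None  # malformed attribute: refuse rather than over-read
        if atype == CTRL_ATTR_FAMILY_ID and alen == NLA_HDR.size + 2:
            return struct.unpack_from("=H", msg, off + NLA_HDR.size)[0]
        off += (alen + 3) & ~3
    return None

# Constructed reply (the ID 21 is made up; real IDs are assigned at run time).
SAMPLE_REPLY = build_msg(CTRL_CMD_NEWFAMILY, 0,
    nla(CTRL_ATTR_FAMILY_NAME, b"NLBL_MGMT\0") + nla(CTRL_ATTR_FAMILY_ID, struct.pack("=H", 21)))
REQUEST = build_getfamily("NLBL_MGMT")  # family name from net/netlabel/netlabel_mgmt.h
```

Against a live kernel, REQUEST would be sent on a socket opened with AF_NETLINK
and NETLINK_GENERIC, and the reply passed to parse_family_id().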

 * Security Module API

The purpose of the NetLabel security module API is to provide a
protocol-independent interface to the underlying NetLabel protocol engines.  In
addition to protocol independence, the security module API is designed to be
completely LSM independent, which should allow multiple LSMs to leverage the
same code base.

Detailed information about the NetLabel security module API can be found in the
'include/net/netlabel.h' header file as well as the 'lsm_interface.txt' file
found in this directory.