Based on kernel version 3.15.4. Page generated on 2014-07-07 09:03 EST.
NetLabel Introduction
==============================================================================
Paul Moore, firstname.lastname@example.org

August 2, 2006

 * Overview

NetLabel is a mechanism which can be used by kernel security modules to attach
security attributes to outgoing network packets generated from user space
applications and read security attributes from incoming network packets.  It
is composed of three main components: the protocol engines, the communication
layer, and the kernel security module API.

 * Protocol Engines

The protocol engines are responsible for both applying and retrieving the
network packet's security attributes.  If any translation between the network
security attributes and those on the host is required then the protocol
engine will handle those tasks as well.  Other kernel subsystems should
refrain from calling the protocol engines directly; instead, they should use
the NetLabel kernel security module API described below.

Detailed information about each NetLabel protocol engine can be found in this
directory; consult '00-INDEX' for filenames.

 * Communication Layer

The communication layer exists to allow NetLabel configuration and monitoring
from user space.  The NetLabel communication layer uses a message based
protocol built on top of the Generic NETLINK transport mechanism.  The exact
formatting of these NetLabel messages as well as the Generic NETLINK family
names can be found in the 'net/netlabel/' directory as comments in the
header files as well as in 'include/net/netlabel.h'.

 * Security Module API

The purpose of the NetLabel security module API is to provide a protocol
independent interface to the underlying NetLabel protocol engines.  In addition
to protocol independence, the security module API is designed to be completely
LSM independent, which should allow multiple LSMs to leverage the same code
base.

Detailed information about the NetLabel security module API can be found in the
'include/net/netlabel.h' header file as well as the 'lsm_interface.txt' file
found in this directory.
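
As an illustration of the Generic NETLINK transport described under Communication Layer (an added example, not part of the kernel documentation or the NetLabel tools): before user space can send NetLabel messages it asks the Generic NETLINK controller for the numeric id of a NetLabel family. The family name NLBL_MGMT comes from the NetLabel headers rather than this page, and the reply bytes and the id 0x19 are constructed so the parser runs without a socket.

```python
import struct

NLMSG_HDR = struct.Struct("=IHHII")  # nlmsghdr: len, type, flags, seq, pid
GENL_HDR = struct.Struct("=BBH")     # genlmsghdr: cmd, version, reserved
NLA_HDR = struct.Struct("=HH")       # nlattr: len, type
GENL_ID_CTRL, NLM_F_REQUEST = 0x10, 0x01
CTRL_CMD_NEWFAMILY, CTRL_CMD_GETFAMILY = 1, 3
CTRL_ATTR_FAMILY_ID, CTRL_ATTR_FAMILY_NAME = 1, 2

def align4(n):
    return (n + 3) & ~3

def pack_attr(attr_type, payload):
    length = NLA_HDR.size + len(payload)  # attribute length excludes padding
    return NLA_HDR.pack(length, attr_type) + payload + b"\0" * (align4(length) - length)

def pack_msg(cmd, flags, attrs, seq=1):
    body = GENL_HDR.pack(cmd, 1, 0) + b"".join(pack_attr(t, p) for t, p in attrs)
    return NLMSG_HDR.pack(NLMSG_HDR.size + len(body), GENL_ID_CTRL, flags, seq, 0) + body

def build_getfamily(name):
    return pack_msg(CTRL_CMD_GETFAMILY, NLM_F_REQUEST, [(CTRL_ATTR_FAMILY_NAME, name.encode() + b"\0")])

def constructed_reply(name, family_id):
    # Constructed stand-in for the kernel's answer, so the parser runs offline.
    return pack_msg(CTRL_CMD_NEWFAMILY, 0, [(CTRL_ATTR_FAMILY_NAME, name.encode() + b"\0"),
                                            (CTRL_ATTR_FAMILY_ID, struct.pack("=H", family_id))])

def parse_attrs(buf):
    attrs, off = {}, 0
    while off + NLA_HDR.size <= len(buf):
        length, attr_type = NLA_HDR.unpack_from(buf, off)
        if length < NLA_HDR.size or off + length > len(buf):
            raise ValueError("malformed or truncated attribute")
        attrs[attr_type & 0x3FFF] = buf[off + NLA_HDR.size:off + length]
        off += align4(length)
    return attrs

def parse_family_reply(msg):
    hdrs = NLMSG_HDR.size + GENL_HDR.size
    if len(msg) < hdrs:
        raise ValueError("short message")
    length, msg_type, _flags, _seq, _pid = NLMSG_HDR.unpack_from(msg)
    cmd = GENL_HDR.unpack_from(msg, NLMSG_HDR.size)[0]
    if not (hdrs <= length <= len(msg)) or msg_type != GENL_ID_CTRL or cmd != CTRL_CMD_NEWFAMILY:
        raise ValueError("not a complete CTRL_CMD_NEWFAMILY reply")
    attrs = parse_attrs(msg[hdrs:length])
    name = attrs[CTRL_ATTR_FAMILY_NAME].rstrip(b"\0").decode()
    return name, struct.unpack("=H", attrs[CTRL_ATTR_FAMILY_ID])[0]
```

The returned family id is what goes in the netlink message type field of every later NetLabel request; the kernel assigns it at registration time, so it must be resolved rather than hard-coded.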