
Documentation / netlabel / introduction.txt


Based on kernel version 4.16.1. Page generated on 2018-04-09 11:53 EST.

NetLabel Introduction
==============================================================================
Paul Moore, paul.moore@hp.com

August 2, 2006

 * Overview

NetLabel is a mechanism which can be used by kernel security modules to attach
security attributes to outgoing network packets generated from user space
applications and read security attributes from incoming network packets.  It
is composed of three main components: the protocol engines, the communication
layer, and the kernel security module API.

 * Protocol Engines

The protocol engines are responsible for both applying and retrieving the
network packet's security attributes.  If any translation between the network
security attributes and those on the host is required, then the protocol
engine will handle those tasks as well.  Other kernel subsystems should
refrain from calling the protocol engines directly; instead, they should use
the NetLabel kernel security module API described below.

Detailed information about each NetLabel protocol engine can be found in this
directory; consult '00-INDEX' for filenames.

 * Communication Layer

The communication layer exists to allow NetLabel configuration and monitoring
from user space.  The NetLabel communication layer uses a message-based
protocol built on top of the Generic NETLINK transport mechanism.  The exact
formatting of these NetLabel messages, as well as the Generic NETLINK family
names, can be found in the 'net/netlabel/' directory as comments in the
header files as well as in 'include/net/netlabel.h'.

 * Security Module API

The purpose of the NetLabel security module API is to provide a
protocol-independent interface to the underlying NetLabel protocol engines.
In addition to protocol independence, the security module API is designed to
be completely LSM-independent, which should allow multiple LSMs to leverage
the same code base.

Detailed information about the NetLabel security module API can be found in the
'include/net/netlabel.h' header file as well as the 'lsm_interface.txt' file
found in this directory.
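
Added example (not part of the kernel documentation or the NetLabel code base):
the first step a user space tool takes on the communication layer is to ask the
Generic NETLINK controller for a NetLabel family's ID, and the sketch below
builds that request and parses the reply with strict bounds checks.  Assumptions:
the family name "NLBL_MGMT" is taken from 'include/net/netlabel.h' rather than
from this page, and the reply bytes and family ID 23 are constructed.

```c
#include <linux/genetlink.h> /* GENL_ID_CTRL, CTRL_CMD_*, CTRL_ATTR_*, GENL_NAMSIZ */
#include <linux/netlink.h>   /* struct nlmsghdr, struct nlattr, NLMSG_*, NLA_* */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HDRS NLMSG_LENGTH(GENL_HDRLEN) /* nlmsghdr + genlmsghdr = 20 bytes */
struct ctrl_req { struct nlmsghdr nh; struct genlmsghdr gh; struct nlattr na; char name[GENL_NAMSIZ]; };

/* Build CTRL_CMD_GETFAMILY for `name`; returns message length, or 0 if it cannot fit. */
size_t genl_family_req(uint8_t *b, size_t cap, const char *name) {
    size_t n = strlen(name) + 1, len = HDRS + NLA_ALIGN(NLA_HDRLEN + n);
    struct ctrl_req r = { { (uint32_t)len, GENL_ID_CTRL, NLM_F_REQUEST, 0, 0 },
        { CTRL_CMD_GETFAMILY, 1, 0 }, { (uint16_t)(NLA_HDRLEN + n), CTRL_ATTR_FAMILY_NAME }, "" };
    if (n > GENL_NAMSIZ || len > cap) return 0; /* checked before any copy */
    memcpy(r.name, name, n);
    memcpy(b, &r, len); /* unused tail of r.name is zero, so padding is zero */
    return len;
}

/* Family ID from a controller reply; -1 if malformed, an error message, or absent. */
int genl_family_id(const uint8_t *b, size_t len) {
    struct nlmsghdr nh;
    struct nlattr a;
    uint16_t id;
    if (len < HDRS) return -1;
    memcpy(&nh, b, sizeof nh);
    if (nh.nlmsg_type != GENL_ID_CTRL || nh.nlmsg_len < HDRS || nh.nlmsg_len > len) return -1;
    for (size_t off = HDRS; off + NLA_HDRLEN <= nh.nlmsg_len; off += NLA_ALIGN(a.nla_len)) {
        memcpy(&a, b + off, sizeof a);
        if (a.nla_len < NLA_HDRLEN || off + a.nla_len > nh.nlmsg_len) return -1; /* no 0-length loop, no overrun */
        if ((a.nla_type & NLA_TYPE_MASK) != CTRL_ATTR_FAMILY_ID) continue;
        if (a.nla_len != NLA_HDRLEN + sizeof id) return -1;
        memcpy(&id, b + off + NLA_HDRLEN, sizeof id);
        return id;
    }
    return -1;
}

static const struct { /* constructed CTRL_CMD_NEWFAMILY reply, not a captured one */
    struct nlmsghdr nh; struct genlmsghdr gh; struct nlattr na; char name[12];
    struct nlattr ia; uint16_t id, pad;
} sample = { { 44, GENL_ID_CTRL, 0, 0, 0 }, { CTRL_CMD_NEWFAMILY, 2, 0 },
             { 14, CTRL_ATTR_FAMILY_NAME }, "NLBL_MGMT", { 6, CTRL_ATTR_FAMILY_ID }, 23, 0 };
int main(void) {
    uint8_t req[64];
    size_t n = genl_family_req(req, sizeof req, "NLBL_MGMT");
    printf("request: %zu bytes; family id in sample reply: %d\n", n, genl_family_id((const uint8_t *)&sample, sizeof sample));
    return 0;
}
```

The ID returned by the controller becomes the nlmsg_type of every later
NetLabel message; a reply of type NLMSG_ERROR (family not registered) is
reported here as -1.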