kernel-ark/security
James Morris 29a395eac4 [SECMARK]: Add new flask definitions to SELinux
Secmark implements a new scheme for adding security markings to
packets via iptables, as well as changes to SELinux to use these
markings for security policy enforcement.  The rationale for this
scheme is explained and discussed in detail in the original threads:

 http://thread.gmane.org/gmane.linux.network/34927/
 http://thread.gmane.org/gmane.linux.network/35244/

Examples of policy and rulesets, as well as a full archive of patches
for iptables and SELinux userland, may be found at:

http://people.redhat.com/jmorris/selinux/secmark/

The code has been tested with various compilation options and in
several scenarios, including with 'complicated' protocols such as FTP
and also with the new generic conntrack code with IPv6 connection
tracking.

This patch:

Add support for a new object class ('packet'), and associated
permissions ('send', 'recv', 'relabelto').  These are used to enforce
security policy for network packets labeled with SECMARK, and for
adding labeling rules.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-17 21:29:53 -07:00
..
keys [PATCH] Keys: Improve usage of memory barriers and remove IRQ disablement 2006-04-11 06:18:45 -07:00
selinux [SECMARK]: Add new flask definitions to SELinux 2006-06-17 21:29:53 -07:00
capability.c
commoncap.c [PATCH] make cap_ptrace enforce PTRACE_TRACME checks 2006-03-25 08:22:56 -08:00
dummy.c [LSM-IPsec]: SELinux Authorize 2006-06-17 21:29:45 -07:00
inode.c
Kconfig
Makefile
root_plug.c
seclvl.c [PATCH] Bug fixes and cleanup for the BSD Secure Levels LSM 2006-03-23 07:38:03 -08:00
security.c [PATCH] refactor capable() to one implementation, add __capable() helper 2006-03-25 08:22:56 -08:00