linux/security/selinux/include
James Morris 29a395eac4 [SECMARK]: Add new flask definitions to SELinux
Secmark implements a new scheme for adding security markings to
packets via iptables, as well as changes to SELinux to use these
markings for security policy enforcement.  The rationale for this
scheme is explained and discussed in detail in the original threads:

 http://thread.gmane.org/gmane.linux.network/34927/
 http://thread.gmane.org/gmane.linux.network/35244/

Examples of policy and rulesets, as well as a full archive of patches
for iptables and SELinux userland, may be found at:

http://people.redhat.com/jmorris/selinux/secmark/

The code has been tested with various compilation options and in
several scenarios, including with 'complicated' protocols such as FTP
and also with the new generic conntrack code with IPv6 connection
tracking.

This patch:

Add support for a new object class ('packet'), and associated
permissions ('send', 'recv', 'relabelto').  These are used to enforce
security policy for network packets labeled with SECMARK, and for
adding labeling rules.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-17 21:29:53 -07:00
av_inherit.h [SELINUX]: add security class for appletalk sockets 2006-06-17 21:29:51 -07:00
av_perm_to_string.h [SECMARK]: Add new flask definitions to SELinux 2006-06-17 21:29:53 -07:00
av_permissions.h [SECMARK]: Add new flask definitions to SELinux 2006-06-17 21:29:53 -07:00
avc_ss.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
avc.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
class_to_string.h [SECMARK]: Add new flask definitions to SELinux 2006-06-17 21:29:53 -07:00
common_perm_to_string.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
conditional.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
flask.h [SECMARK]: Add new flask definitions to SELinux 2006-06-17 21:29:53 -07:00
initial_sid_to_string.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
netif.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
objsec.h [PATCH] selinux: remove security struct magic number fields and tests 2006-02-01 08:53:19 -08:00
security.h [PATCH] selinux: Clear selinux_enabled flag upon runtime disable. 2006-05-03 10:08:11 -07:00
xfrm.h [LSM-IPsec]: SELinux Authorize 2006-06-17 21:29:45 -07:00