Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/Documentation/netlabel/introduction.rst 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  1) =====================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  2) NetLabel Introduction
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  3) =====================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  4) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  5) Paul Moore, paul.moore@hp.com
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  6) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  7) August 2, 2006
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  8) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  9) Overview
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) ========
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) NetLabel is a mechanism which can be used by kernel security modules to attach
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) security attributes to outgoing network packets generated from user space
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) applications and read security attributes from incoming network packets.  It
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) is composed of three main components, the protocol engines, the communication
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) layer, and the kernel security module API.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) Protocol Engines
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) ================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) The protocol engines are responsible for both applying and retrieving the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) network packet's security attributes.  If any translation between the network
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) security attributes and those on the host are required then the protocol
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) engine will handle those tasks as well.  Other kernel subsystems should
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) refrain from calling the protocol engines directly, instead they should use
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) the NetLabel kernel security module API described below.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) Detailed information about each NetLabel protocol engine can be found in this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) directory.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) Communication Layer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) ===================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) The communication layer exists to allow NetLabel configuration and monitoring
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) from user space.  The NetLabel communication layer uses a message based
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) protocol built on top of the Generic NETLINK transport mechanism.  The exact
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) formatting of these NetLabel messages as well as the Generic NETLINK family
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) names can be found in the 'net/netlabel/' directory as comments in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) header files as well as in 'include/net/netlabel.h'.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) Security Module API
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) ===================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) The purpose of the NetLabel security module API is to provide a protocol
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) independent interface to the underlying NetLabel protocol engines.  In addition
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) to protocol independence, the security module API is designed to be completely
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) LSM independent which should allow multiple LSMs to leverage the same code
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) base.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) Detailed information about the NetLabel security module API can be found in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) 'include/net/netlabel.h' header file as well as the 'lsm_interface.txt' file
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) found in this directory.
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.