    netlabel: Add functionality to set the security attributes of a packet · 948bf85c
    Paul Moore authored
    This patch builds upon the new NetLabel address selector functionality by
    providing the NetLabel KAPI and CIPSO engine support needed to enable the
    new packet-based labeling.  The only new addition to the NetLabel KAPI at
    this point is shown below:
    
     * int netlbl_skbuff_setattr(skb, family, secattr)
    
    ... and is designed to be called from a Netfilter hook after the packet's
    IP header has been populated such as in the FORWARD or LOCAL_OUT hooks.
    
    This patch also provides the necessary SELinux hooks to support this new
    functionality.  Smack support is not currently included due to uncertainty
    regarding the permissions needed to expand the Smack network access controls.
    Signed-off-by: Paul Moore <paul.moore@hp.com>
    Reviewed-by: James Morris <jmorris@namei.org>
netlabel.h 3.21 KB