linux/Documentation/netlabel/introduction.txt
NetLabel Introduction
==============================================================================
Paul Moore, paul.moore@hp.com

August 2, 2006

 * Overview

NetLabel is a mechanism which can be used by kernel security modules to attach
security attributes to outgoing network packets generated from user space
applications and read security attributes from incoming network packets.  It
is composed of three main components: the protocol engines, the communication
layer, and the kernel security module API.

 * Protocol Engines

The protocol engines are responsible for both applying and retrieving the
network packet's security attributes.  If any translation between the network
security attributes and those on the host is required then the protocol
engine will handle those tasks as well.  Other kernel subsystems should
refrain from calling the protocol engines directly; instead they should use
the NetLabel kernel security module API described below.

Detailed information about each NetLabel protocol engine can be found in this
directory; consult '00-INDEX' for filenames.

 * Communication Layer

The communication layer exists to allow NetLabel configuration and monitoring
from user space.  The NetLabel communication layer uses a message-based
protocol built on top of the Generic NETLINK transport mechanism.  The exact
formatting of these NetLabel messages as well as the Generic NETLINK family
names can be found in the 'net/netlabel/' directory as comments in the
header files as well as in 'include/net/netlabel.h'.
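
As an added illustration (not part of the original document or the kernel
sources), the first message a user space tool sends to reach the communication
layer is a Generic NETLINK controller request that resolves a family name to
its numeric id.  The function name below is hypothetical, and the family name
"NLBL_MGMT" is an assumption taken from the kernel headers, not from this file.

```c
#include <stddef.h>
#include <string.h>
#include <linux/netlink.h>
#include <linux/genetlink.h>

/* Assumed family name of the NetLabel management component, as defined in
 * the kernel headers; it is not given in this document. */
#define NLBL_MGMT_FAMILY "NLBL_MGMT"

/*
 * Build a CTRL_CMD_GETFAMILY request asking the Generic NETLINK controller
 * for the numeric id of `family`.  Returns the message length, or 0 if the
 * name does not fit in GENL_NAMSIZ or the buffer is too small.
 */
size_t nlbl_build_getfamily(unsigned char *buf, size_t cap,
                            const char *family, unsigned int seq)
{
    size_t name_len = strlen(family) + 1;        /* include the NUL */
    size_t attr_len = NLA_HDRLEN + name_len;
    size_t total = NLMSG_LENGTH(GENL_HDRLEN) + NLA_ALIGN(attr_len);
    struct nlmsghdr nlh;
    struct genlmsghdr gh;
    struct nlattr nla;

    if (name_len > GENL_NAMSIZ || total > cap)
        return 0;
    memset(buf, 0, total);                       /* zero the padding too */

    memset(&nlh, 0, sizeof(nlh));
    nlh.nlmsg_len = total;
    nlh.nlmsg_type = GENL_ID_CTRL;               /* controller family */
    nlh.nlmsg_flags = NLM_F_REQUEST;
    nlh.nlmsg_seq = seq;
    memcpy(buf, &nlh, sizeof(nlh));

    memset(&gh, 0, sizeof(gh));
    gh.cmd = CTRL_CMD_GETFAMILY;
    gh.version = 1;
    memcpy(buf + NLMSG_HDRLEN, &gh, sizeof(gh));

    nla.nla_len = attr_len;                      /* unpadded length */
    nla.nla_type = CTRL_ATTR_FAMILY_NAME;
    memcpy(buf + NLMSG_HDRLEN + GENL_HDRLEN, &nla, sizeof(nla));
    memcpy(buf + NLMSG_HDRLEN + GENL_HDRLEN + NLA_HDRLEN, family, name_len);
    return total;
}
```

The returned buffer is what would be written to a NETLINK_GENERIC socket; the
reply carries the family id used as nlmsg_type in later NetLabel messages.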

 * Security Module API

The purpose of the NetLabel security module API is to provide a
protocol-independent interface to the underlying NetLabel protocol engines.
In addition to protocol independence, the security module API is designed to
be completely LSM-independent, which should allow multiple LSMs to leverage
the same code base.

Detailed information about the NetLabel security module API can be found in the
'include/net/netlabel.h' header file as well as the 'lsm_interface.txt' file
found in this directory.