review.tizen.org Git - sdk/emulator/emulator-kernel.git/commit

author	Casey Schaufler <casey@schaufler-ca.com>
	Sat, 13 Dec 2014 01:08:40 +0000 (17:08 -0800)
committer	Rafal Krypa <r.krypa@samsung.com>
	Thu, 5 Mar 2015 12:06:03 +0000 (13:06 +0100)
commit	c141075861a6c225386da55c6baadd4dc6892754
tree	dc54e52199006761a1917649a8859469c02eb73e	tree \| snapshot
parent	00fe75d204dff19194ecb10f3527720053a55287	commit \| diff

Smack: secmark support for netfilter

Smack uses CIPSO to label internet packets and thus provide
for access control on delivery of packets. The netfilter facility
was not used to allow for Smack to work properly without netfilter
configuration. Smack does not need netfilter, however there are
cases where it would be handy.

As a side effect, the labeling of local IPv4 packets can be optimized
and the handling of local IPv6 packets is just all out better.

The best part is that the netfilter tools use "contexts" that
are just strings, and they work just as well for Smack as they
do for SELinux.

All of the conditional compilation for IPv6 was implemented
by Rafal Krypa <r.krypa@samsung.com>

Change-Id: Ibbc245581caae49706652a39510f665ced8accaf
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

security/smack/Kconfig		diff \| blob \| history
security/smack/Makefile		diff \| blob \| history
security/smack/smack.h		diff \| blob \| history
security/smack/smack_lsm.c		diff \| blob \| history
security/smack/smack_netfilter.c	[new file with mode: 0644]	blob