cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

introduction.rst (2047B)


=====================
NetLabel Introduction
=====================

Paul Moore, paul.moore@hp.com

August 2, 2006

Overview
========

NetLabel is a mechanism which can be used by kernel security modules to attach
security attributes to outgoing network packets generated from user space
applications and read security attributes from incoming network packets.  It
is composed of three main components: the protocol engines, the communication
layer, and the kernel security module API.

Protocol Engines
================

The protocol engines are responsible for both applying and retrieving the
network packet's security attributes.  If any translation between the network
security attributes and those on the host is required, then the protocol
engine will handle those tasks as well.  Other kernel subsystems should
refrain from calling the protocol engines directly; instead, they should use
the NetLabel kernel security module API described below.

Detailed information about each NetLabel protocol engine can be found in this
directory.

Communication Layer
===================

The communication layer exists to allow NetLabel configuration and monitoring
from user space.  The NetLabel communication layer uses a message-based
protocol built on top of the Generic NETLINK transport mechanism.  The exact
formatting of these NetLabel messages, as well as the Generic NETLINK family
names, can be found in the 'net/netlabel/' directory as comments in the
header files as well as in 'include/net/netlabel.h'.
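
To show what "built on top of Generic NETLINK" means on the wire, the following added example (not code from the kernel tree or from this document's author) builds the controller request that resolves a NetLabel family name to its runtime id and parses the reply defensively. The family name ``NLBL_MGMT`` and the numeric constants are taken from the kernel headers rather than from this page, and the sample reply is constructed.

```python
import struct

# Layouts and constants from linux/netlink.h and linux/genetlink.h.
NLMSG_HDR = struct.Struct("=IHHII")  # len, type, flags, seq, pid
GENL_HDR = struct.Struct("=BBH")     # cmd, version, reserved
NLA_HDR = struct.Struct("=HH")       # len, type
GENL_ID_CTRL, NLM_F_REQUEST = 0x10, 0x01
CTRL_CMD_NEWFAMILY, CTRL_CMD_GETFAMILY = 1, 3
CTRL_ATTR_FAMILY_ID, CTRL_ATTR_FAMILY_NAME = 1, 2
NETLBL_MGMT_FAMILY = "NLBL_MGMT"     # assumption: from include/net/netlabel.h

def nla(attr_type, payload):
    """Encode one netlink attribute, padded to a 4-byte boundary."""
    raw = NLA_HDR.pack(NLA_HDR.size + len(payload), attr_type) + payload
    return raw + b"\0" * (-len(raw) % 4)

def genl_msg(nl_type, flags, cmd, attrs, seq=1):
    """Wrap attributes in a genetlink header and a netlink header."""
    body = GENL_HDR.pack(cmd, 1, 0) + attrs
    return NLMSG_HDR.pack(NLMSG_HDR.size + len(body), nl_type, flags, seq, 0) + body

def build_getfamily(name, seq=1):
    """Request asking the genl controller for a family's numeric id."""
    attrs = nla(CTRL_ATTR_FAMILY_NAME, name.encode() + b"\0")
    return genl_msg(GENL_ID_CTRL, NLM_F_REQUEST, CTRL_CMD_GETFAMILY, attrs, seq)

def parse_family_id(msg):
    """Return CTRL_ATTR_FAMILY_ID from a reply, rejecting malformed input."""
    off = NLMSG_HDR.size + GENL_HDR.size
    if len(msg) < off:
        raise ValueError("short message")
    length, nl_type = NLMSG_HDR.unpack_from(msg)[:2]
    cmd = GENL_HDR.unpack_from(msg, NLMSG_HDR.size)[0]
    if not off <= length <= len(msg):
        raise ValueError("bad nlmsg_len")
    if nl_type != GENL_ID_CTRL or cmd != CTRL_CMD_NEWFAMILY:
        raise ValueError("not a CTRL_CMD_NEWFAMILY reply")
    while off + NLA_HDR.size <= length:
        alen, atype = NLA_HDR.unpack_from(msg, off)
        if alen < NLA_HDR.size or off + alen > length:
            raise ValueError("malformed attribute")
        if atype == CTRL_ATTR_FAMILY_ID and alen >= NLA_HDR.size + 2:
            return struct.unpack_from("=H", msg, off + NLA_HDR.size)[0]
        off += (alen + 3) & ~3  # attributes are 4-byte aligned
    raise ValueError("family id attribute missing")

# Constructed sample reply (id 0x1c is made up; real ids are assigned at runtime).
SAMPLE_REPLY = genl_msg(GENL_ID_CTRL, 0, CTRL_CMD_NEWFAMILY,
                        nla(CTRL_ATTR_FAMILY_NAME, b"NLBL_MGMT\0")
                        + nla(CTRL_ATTR_FAMILY_ID, struct.pack("=H", 0x1c)))
```

On a live system the request would be sent over an ``AF_NETLINK`` socket using ``NETLINK_GENERIC``, and the returned id becomes the message type for subsequent NetLabel messages.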

Security Module API
===================

The purpose of the NetLabel security module API is to provide a
protocol-independent interface to the underlying NetLabel protocol engines.  In
addition to protocol independence, the security module API is designed to be
completely LSM-independent, which should allow multiple LSMs to leverage the
same code base.

Detailed information about the NetLabel security module API can be found in the
'include/net/netlabel.h' header file as well as the 'lsm_interface.txt' file
found in this directory.