[PATCH] ip.7: Document IP_PASSSEC for UDP sockets

Paul Moore paul at paul-moore.com
Thu Sep 17 23:16:12 UTC 2020


On Thu, Sep 17, 2020 at 1:31 PM Stephen Smalley
<stephen.smalley.work at gmail.com> wrote:
>
> Document the IP_PASSSEC socket option and SCM_SECURITY
> ancillary/control message type for UDP sockets.
>
> IP_PASSSEC for UDP sockets was introduced in Linux 2.6.17 [1].
>
> Example NetLabel and IPSEC configurations and usage of this option
> can be found in the SELinux Notebook [2] and SELinux testsuite [3].
>
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2c7946a7bf45ae86736ab3b43d0085e43947945c
>
> [2] https://github.com/SELinuxProject/selinux-notebook
>
> [3] https://github.com/SELinuxProject/selinux-testsuite
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work at gmail.com>
> ---
>  man7/ip.7 | 48 ++++++++++++++++++++++++++++++++++++++++++------
>  1 file changed, 42 insertions(+), 6 deletions(-)

Thanks for including the note about the SCM_SECURITY/IP_HDRINCL
conflict.  I figure it's probably not the best for another SELinux
person to ACK this, but I will mark it as "reviewed".

Reviewed-by: Paul Moore <paul at paul-moore.com>

-- 
paul moore
www.paul-moore.com


