From: christophe.hauser@supelec.fr (Christophe Hauser)
To: kernelnewbies@lists.kernelnewbies.org
Subject: Netlabel
Date: Thu, 26 Apr 2012 18:12:51 +0200
Message-ID: <20120426161251.GD23964@Latty>

Hi all,

is anyone here familiar with Netlabel? I am trying to label network packets
using CIPSO tags from an LSM module. Rather than using the Netlink interface to
configure Netlabel from userspace, I try to set up everything from kernelspace.
The way I initialize netlabel is similar to what smack does in smk_cipso_doi()
(security/smack/smackfs.c).

What I am trying to do is the following:
- no packet should ever get dropped
- unlabeled packets can stay unlabeled, I don't need to assign them any DOI
- labeled packets carry information that is only useful to my LSM module
  (bitmaps)

Now, every time I label a socket, packets get dropped. I read in the RFC about
configuration settings such as HOST_LABEL_MAX and so on, but as far as I
understand, it is up to the module itself to make such verifications. Is
netlabel enforcing any sort of policy here? Is there any way I can configure
netlabel to never drop packets?

Kind regards,
-- 
Christophe
