kernelnewbies.kernelnewbies.org archive mirror
* Netlabel
@ 2012-04-26 16:12 Christophe Hauser
From: Christophe Hauser @ 2012-04-26 16:12 UTC (permalink / raw)
  To: kernelnewbies

Hi all,

is anyone here familiar with Netlabel? I am trying to label network packets
using CIPSO tags from an LSM module. Rather than using the Netlink interface to
configure Netlabel from userspace, I try to set up everything from kernelspace.
The way I initialize netlabel is similar to what smack does in smk_cipso_doi()
(security/smack/smackfs.c).

What I am trying to do is the following:
- no packet should ever get dropped
- unlabeled packets can stay unlabeled, I don't need to assign them any DOI
- labeled packets carry information that is only useful to my LSM module
  (bitmaps)

Now, every time I label a socket, packets get dropped. I read in the RFC about
configuration settings such as HOST_LABEL_MAX and so on, but as far as I
understand, it is up to the module itself to make such verifications. Is
netlabel enforcing any sort of policy here? Is there any way I can configure
netlabel to never drop packets?

Kind regards,
-- 
Christophe
