summaryrefslogtreecommitdiff
path: root/security/smack/Makefile
diff options
context:
space:
mode:
authorCasey Schaufler <casey@schaufler-ca.com>2014-12-12 17:08:40 -0800
committerCasey Schaufler <casey@schaufler-ca.com>2015-01-20 16:34:25 -0800
commit69f287ae6fc8357e0bc561353a2d585b89ee8cdc (patch)
treea717c525b47790cab2d437e0e16e11728394b97c /security/smack/Makefile
parent5e7270a6dd14fa6e3bb10128f200305b4a75f350 (diff)
downloadlinux-rpi3-69f287ae6fc8357e0bc561353a2d585b89ee8cdc.tar.gz
linux-rpi3-69f287ae6fc8357e0bc561353a2d585b89ee8cdc.tar.bz2
linux-rpi3-69f287ae6fc8357e0bc561353a2d585b89ee8cdc.zip
Smack: secmark support for netfilter
Smack uses CIPSO to label internet packets and thus provide for access control on delivery of packets. The netfilter facility was not used to allow for Smack to work properly without netfilter configuration. Smack does not need netfilter, however there are cases where it would be handy. As a side effect, the labeling of local IPv4 packets can be optimized and the handling of local IPv6 packets is just all out better. The best part is that the netfilter tools use "contexts" that are just strings, and they work just as well for Smack as they do for SELinux. All of the conditional compilation for IPv6 was implemented by Rafal Krypa <r.krypa@samsung.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack/Makefile')
-rw-r--r--security/smack/Makefile1
1 files changed, 1 insertions, 0 deletions
diff --git a/security/smack/Makefile b/security/smack/Makefile
index 67a63aaec827..616cf93b368e 100644
--- a/security/smack/Makefile
+++ b/security/smack/Makefile
@@ -5,3 +5,4 @@
obj-$(CONFIG_SECURITY_SMACK) := smack.o
smack-y := smack_lsm.o smack_access.o smackfs.o
+smack-$(CONFIG_NETFILTER) += smack_netfilter.o