diff options
author | Casey Schaufler <casey@schaufler-ca.com> | 2014-12-12 17:08:40 -0800 |
---|---|---|
committer | Casey Schaufler <casey@schaufler-ca.com> | 2015-01-20 16:34:25 -0800 |
commit | 69f287ae6fc8357e0bc561353a2d585b89ee8cdc (patch) | |
tree | a717c525b47790cab2d437e0e16e11728394b97c /security/smack/Makefile | |
parent | 5e7270a6dd14fa6e3bb10128f200305b4a75f350 (diff) | |
download | linux-rpi3-69f287ae6fc8357e0bc561353a2d585b89ee8cdc.tar.gz linux-rpi3-69f287ae6fc8357e0bc561353a2d585b89ee8cdc.tar.bz2 linux-rpi3-69f287ae6fc8357e0bc561353a2d585b89ee8cdc.zip |
Smack: secmark support for netfilter
Smack uses CIPSO to label internet packets and thus provide
for access control on delivery of packets. The netfilter facility
was not used to allow for Smack to work properly without netfilter
configuration. Smack does not need netfilter, however there are
cases where it would be handy.
As a side effect, the labeling of local IPv4 packets can be optimized
and the handling of local IPv6 packets is just all out better.
The best part is that the netfilter tools use "contexts" that
are just strings, and they work just as well for Smack as they
do for SELinux.
All of the conditional compilation for IPv6 was implemented
by Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack/Makefile')
-rw-r--r-- | security/smack/Makefile | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/smack/Makefile b/security/smack/Makefile index 67a63aaec827..616cf93b368e 100644 --- a/security/smack/Makefile +++ b/security/smack/Makefile @@ -5,3 +5,4 @@ obj-$(CONFIG_SECURITY_SMACK) := smack.o smack-y := smack_lsm.o smack_access.o smackfs.o +smack-$(CONFIG_NETFILTER) += smack_netfilter.o |