[PATCH 0/2] Security: Add security tables for mandatory access control

Source: lwn.net  Read count: 38


Submitted by yangyi on 2008-08-29 22:46:53


From:  James Morris <jmorris@namei.org>
To:  netfilter-devel@vger.kernel.org
Subject:  [PATCH 0/2] Security: Add security tables for mandatory access control
Date:  Thu, 22 May 2008 00:17:23 +1000 (EST)
Message-ID:  <Xine.LNX.4.64.0805220008510.3033@us.intercode.com.au>
Cc:  linux-security-module@vger.kernel.org, Paul Moore <paul.moore@hp.com>, Stephen Smalley <sds@tycho.nsa.gov>
Archive-link:  Article, Thread

The following patches add a new ip[6]tables "security" table, for use with 
mandatory access control (MAC) security schemes.

This follows on from an RFC post earlier in the year:
http://thread.gmane.org/gmane.linux.redhat.fedora.selinux...

In a nutshell, the need for this arises from the fact that MAC labeling 
rules utilizing iptables via SECMARK and CONNSECMARK are not subject to 
discretionary security policy (i.e. not even "root" or a user with 
CAP_NET_ADMIN may be able to modify these rules).

So, a separate table is proposed here to allow these administrative 
security domains to be separated, and specifically to assist with distro 
integration.

Patches for IPv4 and IPv6 follow.

Please review and consider for 2.6.27.


- James
-- 
James Morris
<jmorris@namei.org>
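The separation the cover letter argues for, shown as an iptables-restore ruleset. This is an added example, not code from the patch series or from the message above: ordinary packet filtering (administered under discretionary policy by root or CAP_NET_ADMIN) stays in the "filter" table, while the SECMARK/CONNSECMARK labeling rules that the MAC policy protects live in the "security" table, which the kernel traverses after "filter". The SELinux context on the SECMARK rule (system_u:object_r:ssh_server_packet_t:s0) and the helper names are assumptions for illustration; substitute the packet types your policy actually defines.

```shell
#!/bin/sh
# Added example (not part of the patch series or the cover letter above):
# a distro-style ruleset with DAC filtering in "filter" and MAC labeling
# in the new "security" table.  The SELinux context below is an assumed
# packet type, not one taken from the page; adjust it to your policy.

# Emit the ruleset in iptables-restore(8) format.  Nothing is applied, so
# this runs unprivileged; apply_ruleset loads it.
security_table_rules() {
cat <<'EOF'
# Discretionary policy: root / CAP_NET_ADMIN administers this table.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
# Mandatory policy: labeling only.  Traversed after "filter", so a packet
# dropped above never reaches these rules.
*security
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Re-apply the label saved on the conntrack entry to later packets of a flow.
-A INPUT -m state --state ESTABLISHED,RELATED -j CONNSECMARK --restore
-A OUTPUT -m state --state ESTABLISHED,RELATED -j CONNSECMARK --restore
# Label new SSH traffic with an (assumed) packet type, then save that label
# on the connection so the --restore rules above pick it up.
-A INPUT -p tcp --dport 22 -m state --state NEW -j SECMARK --selctx system_u:object_r:ssh_server_packet_t:s0
-A INPUT -m state --state NEW -j CONNSECMARK --save
-A OUTPUT -m state --state NEW -j CONNSECMARK --save
COMMIT
EOF
}

# Print the table in which a target first appears, so a check can confirm
# that no labeling target ended up in the DAC-administered filter table.
# $1: target name (SECMARK, CONNSECMARK, ACCEPT, ...)
table_of_target() {
    security_table_rules | awk -v tgt="$1" '
        /^\*/ { table = substr($0, 2) }
        $0 ~ ("-j " tgt "( |$)") { print table; exit }
    '
}

# Load the ruleset.  Needs root, the iptable_security module
# (CONFIG_IP_NF_SECURITY) and the xt_SECMARK / xt_CONNSECMARK targets.
apply_ruleset() {
    security_table_rules | iptables-restore
}
```

With this layout a distribution can ship the "security" table rules with its SELinux policy and let an administrator edit "filter" freely; the reverse does not hold, since under policy enforcement even root may be denied the ability to change the labeling rules. Note that the "security" table has only INPUT, FORWARD and OUTPUT chains, so labeling decisions that depend on a NAT-rewritten address must be written against the post-NAT view of the packet.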


Original link: http://lwn.net/Articles/283284/