summaryrefslogtreecommitdiff
path: root/net/iucv
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2008-06-09 22:57:24 (GMT)
committerDavid S. Miller <davem@davemloft.net>2008-06-09 22:57:24 (GMT)
commit560ee653b67074b805f1b661988a72a0e58811a5 (patch)
treee480158d626854dde7421d87e76b1fa6443c457f /net/iucv
parenta258860e01b80e8f554a4ab1a6c95e6042eb8b73 (diff)
downloadlinux-fsl-qoriq-560ee653b67074b805f1b661988a72a0e58811a5.tar.xz
netfilter: ip_tables: add iptables security table for mandatory access control rules
The following patch implements a new "security" table for iptables, so that MAC (SELinux etc.) networking rules can be managed separately to standard DAC rules. This is to help with distro integration of the new secmark-based network controls, per various previous discussions. The need for a separate table arises from the fact that existing tools and usage of iptables will likely clash with centralized MAC policy management. The SECMARK and CONNSECMARK targets will still be valid in the mangle table to prevent breakage of existing users. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/iucv')
0 files changed, 0 insertions, 0 deletions