CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT: NSA SELinux enable new secmark network controls by default

General informations

The Linux kernel configuration item CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT:

• prompt: NSA SELinux enable new secmark network controls by default
• type: bool
• depends on: CONFIG_SECURITY_SELINUX
• defined in security/selinux/Kconfig
• found in Linux kernels: 2.6.18–2.6.28

Help text

This option determines whether the new secmark-based network controls will be enabled by default. If not, the old internal per-packet controls will be enabled by default, preserving old behavior.

If you enable the new controls, you will need updated SELinux userspace libraries, tools and policy. Typically, your distribution will provide these and enable the new controls in the kernel they also distribute.

Note that this option can be overridden at boot with the selinux_compat_net parameter, and after boot via /selinux/compat_net. See Documentation/kernel-parameters.txt for details on this parameter.

If you enable the new network controls, you will likely also require the SECMARK and CONNSECMARK targets, as well as any conntrack helpers for protocols which you wish to control.

If you are unsure what to do here, select N.

Hardware

LKDDb

Raw data from LKDDb:

• (none)

Sources

This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).

The data is retrived from:

• Linux kernel
• Linux Kernel Driver DataBase (LKDDb)

Automatic links from Google (and ads)

Custom Search

Popular queries: