Navigation: Linux Kernel Driver DataBase - web LKDDB: Main index - S index

CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT: NSA SELinux enable new secmark network controls by default

General informations


Help text

This option determines whether the new secmark-based network controls will be enabled by default. If not, the old internal per-packet controls will be enabled by default, preserving old behavior.

If you enable the new controls, you will need updated SELinux userspace libraries, tools and policy. Typically, your distribution will provide these and enable the new controls in the kernel they also distribute.

Note that this option can be overridden at boot with the selinux_compat_net parameter, and after boot via /selinux/compat_net. See Documentation/kernel-parameters.txt for details on this parameter.

If you enable the new network controls, you will likely also require the SECMARK and CONNSECMARK targets, as well as any conntrack helpers for protocols which you wish to control.

If you are unsure what to do here, select N.



Raw data from LKDDb:


This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).

The data is retrived from:

Automatic links from Google (and ads)

Custom Search

Popular queries:

Navigation: Linux Kernel Driver DataBase - web LKDDB: main index - S index

Automatically generated (in year 2023). See also LKDDb sources on GitLab