Commit | Line | Data |
---|---|---|
de1fd4a7 MCC |
1 | .. SPDX-License-Identifier: GPL-2.0 |
2 | ||
3 | ================= | |
4 | LSM/SELinux secid | |
5 | ================= | |
6 | ||
b6340fcd VY |
7 | flowi structure: |
8 | ||
9 | The secid member in the flow structure is used in LSMs (e.g. SELinux) to indicate | |
10 | the label of the flow. This label of the flow is currently used in selecting | |
11 | matching labeled xfrm(s). | |
12 | ||
13 | If this is an outbound flow, the label is derived from the socket, if any, or | |
14 | the incoming packet this flow is being generated as a response to (e.g. tcp | |
15 | resets, timewait ack, etc.). It is also conceivable that the label could be | |
16 | derived from other sources such as process context, device, etc., in special | |
17 | cases, as may be appropriate. | |
18 | ||
19 | If this is an inbound flow, the label is derived from the IPsec security | |
20 | associations, if any, used by the packet. |