Hi, On 8/9/20 9:34 AM, Topi Miettinen wrote: > diff --git a/src/network_support.md b/src/network_support.md > index 62f87f2..23862ae 100644 > --- a/src/network_support.md > +++ b/src/network_support.md > @@ -1,20 +1,62 @@ > # SELinux Networking Support > > -SELinux supports the following types of network labeling: > +SELinux controls network access in the kernel at two locations: at the > +socket interface, and when packets are processed by the protocol > +stacks. Controls at the socket interface are invoked when a task makes > +network related system calls and thus the access permission checks > +mimic the sockets programming interface (e.g. ***bind**(2)* > +vs. `node_bind`). Packet controls are more distant from applications > +and they are invoked whenever any packets are received, forwarded or > +sent. > + > +Packet level controls include: > +* Packet labeling with SECMARK: class `packet` > +* Peer labeling with Labeled IPSec or NetLabel: class `peer` > +* Interface control: class `netif` > +* Network node control: class `node` > + > +Controls at socket interface include: > +* TCP/UDP/SCTP/DCCP ports: class `port` These two lists aren't rendered properly by pandoc, they need a newline before the first bullet point. -- bauen1 https://dn42.bauen1.xyz/
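Review bot: The example in the new introductory paragraph pairs bind(2) with `node_bind`, but the lists that follow place class `node` under "Packet level controls" and, as far as the quoted text shows, name only class `port` under the socket interface, so a reader cannot tell from this text which object class the `node_bind` check applies to. Consider naming the class alongside the permission in the example, or adding a short sentence saying that socket-level permissions can refer to node and port labels. Two wording points in the same hunk: "network related system calls" should read "network-related system calls", and "Controls at socket interface include:" should read "Controls at the socket interface include:" to match the phrasing of the first sentence.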