On Thu, Sep 17, 2020 at 1:31 PM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > Document the IP_PASSSEC socket option and SCM_SECURITY > ancillary/control message type for UDP sockets. > > IP_PASSSEC for UDP sockets was introduced in Linux 2.6.17 [1]. > > Example NetLabel and IPSEC configurations and usage of this option > can be found in the SELinux Notebook [2] and SELinux testsuite [3]. > > [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2c7946a7bf45ae86736ab3b43d0085e43947945c > > [2] https://github.com/SELinuxProject/selinux-notebook > > [3] https://github.com/SELinuxProject/selinux-testsuite > > Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> > --- > man7/ip.7 | 48 ++++++++++++++++++++++++++++++++++++++++++------ > 1 file changed, 42 insertions(+), 6 deletions(-) Thanks for including the note about the SCM_SECURITY/IP_HDRINCL conflict. I figure it's probably not the best for another SELinux person to ACK this, but I will mark it as "reviewed". Reviewed-by: Paul Moore <paul@xxxxxxxxxxxxxx> -- paul moore www.paul-moore.com
