docs: netlabel: convert docs to ReST and rename to *.rst

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Convert netlabel documentation to ReST.

This was trivial: just add proper title markups.

At its new index.rst, let's add a :orphan: while this is not linked to
the main index.rst file, in order to avoid build warnings.

Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>

authored by

Mauro Carvalho Chehab and committed by

Jonathan Corbet 6 years ago 593733ab 09bbf055

+61 -16

5 changed files

expand all

Documentation

netlabel

cipso_ipv4.rst

draft_ietf.rst

index.rst

introduction.rst

lsm_interface.rst

+13 -6

Documentation/netlabel/cipso_ipv4.txt Documentation/netlabel/cipso_ipv4.rst

··· 1 + =================================== 1 2 NetLabel CIPSO/IPv4 Protocol Engine 2 - ============================================================================== 3 + =================================== 4 + 3 5 Paul Moore, paul.moore@hp.com 4 6 5 7 May 17, 2006 6 8 7 - * Overview 9 + Overview 10 + ======== 8 11 9 12 The NetLabel CIPSO/IPv4 protocol engine is based on the IETF Commercial 10 13 IP Security Option (CIPSO) draft from July 16, 1992. A copy of this ··· 16 13 it to an RFC standard it has become a de-facto standard for labeled 17 14 networking and is used in many trusted operating systems. 18 15 19 - * Outbound Packet Processing 16 + Outbound Packet Processing 17 + ========================== 20 18 21 19 The CIPSO/IPv4 protocol engine applies the CIPSO IP option to packets by 22 20 adding the CIPSO label to the socket. This causes all packets leaving the ··· 28 24 configured to use CIPSO for packet labeling then a CIPSO IP option will be 29 25 generated and attached to the socket. 30 26 31 - * Inbound Packet Processing 27 + Inbound Packet Processing 28 + ========================= 32 29 33 30 The CIPSO/IPv4 protocol engine validates every CIPSO IP option it finds at the 34 31 IP layer without any special handling required by the LSM. However, in order ··· 38 33 This is typically done at the socket layer using the 'socket_sock_rcv_skb()' 39 34 LSM hook. 40 35 41 - * Label Translation 36 + Label Translation 37 + ================= 42 38 43 39 The CIPSO/IPv4 protocol engine contains a mechanism to translate CIPSO security 44 40 attributes such as sensitivity level and category to values which are ··· 48 42 NetLabel user space communication layer. Each DOI definition can have a 49 43 different security attribute mapping table. 50 44 51 - * Label Translation Cache 45 + Label Translation Cache 46 + ======================= 52 47 53 48 The NetLabel system provides a framework for caching security attribute 54 49 mappings from the network labels to the corresponding LSM identifiers. The

Documentation/netlabel/draft_ietf.rst

··· 1 + Draft IETF CIPSO IP Security 2 + ---------------------------- 3 + 4 + .. include:: draft-ietf-cipso-ipsecurity-01.txt 5 + :literal:

+21

Documentation/netlabel/index.rst

··· 1 + :orphan: 2 + 3 + ======== 4 + NetLabel 5 + ======== 6 + 7 + .. toctree:: 8 + :maxdepth: 1 9 + 10 + introduction 11 + cipso_ipv4 12 + lsm_interface 13 + 14 + draft_ietf 15 + 16 + .. only:: subproject and html 17 + 18 + Indices 19 + ======= 20 + 21 + * :ref:`genindex`

+11 -5

Documentation/netlabel/introduction.txt Documentation/netlabel/introduction.rst

··· 1 + ===================== 1 2 NetLabel Introduction 2 - ============================================================================== 3 + ===================== 4 + 3 5 Paul Moore, paul.moore@hp.com 4 6 5 7 August 2, 2006 6 8 7 - * Overview 9 + Overview 10 + ======== 8 11 9 12 NetLabel is a mechanism which can be used by kernel security modules to attach 10 13 security attributes to outgoing network packets generated from user space ··· 15 12 is composed of three main components, the protocol engines, the communication 16 13 layer, and the kernel security module API. 17 14 18 - * Protocol Engines 15 + Protocol Engines 16 + ================ 19 17 20 18 The protocol engines are responsible for both applying and retrieving the 21 19 network packet's security attributes. If any translation between the network ··· 28 24 Detailed information about each NetLabel protocol engine can be found in this 29 25 directory. 30 26 31 - * Communication Layer 27 + Communication Layer 28 + =================== 32 29 33 30 The communication layer exists to allow NetLabel configuration and monitoring 34 31 from user space. The NetLabel communication layer uses a message based ··· 38 33 names can be found in the 'net/netlabel/' directory as comments in the 39 34 header files as well as in 'include/net/netlabel.h'. 40 35 41 - * Security Module API 36 + Security Module API 37 + =================== 42 38 43 39 The purpose of the NetLabel security module API is to provide a protocol 44 40 independent interface to the underlying NetLabel protocol engines. In addition

+11 -5

Documentation/netlabel/lsm_interface.txt Documentation/netlabel/lsm_interface.rst

··· 1 + ======================================== 1 2 NetLabel Linux Security Module Interface 2 - ============================================================================== 3 + ======================================== 4 + 3 5 Paul Moore, paul.moore@hp.com 4 6 5 7 May 17, 2006 6 8 7 - * Overview 9 + Overview 10 + ======== 8 11 9 12 NetLabel is a mechanism which can set and retrieve security attributes from 10 13 network packets. It is intended to be used by LSM developers who want to make ··· 15 12 The NetLabel security module API is defined in 'include/net/netlabel.h' but a 16 13 brief overview is given below. 17 14 18 - * NetLabel Security Attributes 15 + NetLabel Security Attributes 16 + ============================ 19 17 20 18 Since NetLabel supports multiple different packet labeling protocols and LSMs 21 19 it uses the concept of security attributes to refer to the packet's security ··· 28 24 security attributes into whatever security identifiers are in use for their 29 25 particular LSM. 30 26 31 - * NetLabel LSM Protocol Operations 27 + NetLabel LSM Protocol Operations 28 + ================================ 32 29 33 30 These are the functions which allow the LSM developer to manipulate the labels 34 31 on outgoing packets as well as read the labels on incoming packets. Functions ··· 37 32 level functions are translated into low level protocol operations based on how 38 33 the administrator has configured the NetLabel subsystem. 39 34 40 - * NetLabel Label Mapping Cache Operations 35 + NetLabel Label Mapping Cache Operations 36 + ======================================= 41 37 42 38 Depending on the exact configuration, translation between the network packet 43 39 label and the internal LSM security identifier can be time consuming. The