Network Access Control Changes
-
Motivation: Many of the LSM network security fields and hooks
rejected for 2.5.
-
Retained general socket layer hooks and Unix domain socket
hooks.
-
Reworking sock_rcv_skb hook and NetFilter hooks to provide
subset of original SELinux functionality.
-
Revisiting set of network access controls based on experience
to date.