[SECMARK]: Add xtables SECMARK target

Add a SECMARK target to xtables, allowing the admin to apply security marks to packets via both iptables and ip6tables. The target currently handles SELinux security marking, but can be extended for other purposes as needed. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: James Morris <jmorris@namei.org> 2006-06-09 00:30:57 -0700
committer: David S. Miller <davem@sunset.davemloft.net> 2006-06-17 21:29:59 -0700
commit: 5e6874cdb8de94cd3c15d853a8ef9c6f4c305055 (patch)
tree: 3f289088db7512d55d6e46d1d14c5d18f07f9b4f /net/netfilter/Kconfig
parent: 984bc16cc92ea3c247bf34ad667cfb95331b9d3c (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 85a7e1770252..10eccdd4d6ea 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -174,6 +174,15 @@ config NETFILTER_XT_TARGET_NOTRACK
 	  If you want to compile it as a module, say M here and read
 	  <file:Documentation/modules.txt>.  If unsure, say `N'.
 
+config NETFILTER_XT_TARGET_SECMARK
+	tristate '"SECMARK" target support'
+	depends on NETFILTER_XTABLES && NETWORK_SECMARK
+	help
+	  The SECMARK target allows security marking of network
+	  packets, for use with security subsystems.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
 config NETFILTER_XT_MATCH_COMMENT
 	tristate  '"comment" match support'
 	depends on NETFILTER_XTABLES
author	James Morris <jmorris@namei.org>	2006-06-09 00:30:57 -0700
committer	David S. Miller <davem@sunset.davemloft.net>	2006-06-17 21:29:59 -0700
commit	5e6874cdb8de94cd3c15d853a8ef9c6f4c305055 (patch)
tree	3f289088db7512d55d6e46d1d14c5d18f07f9b4f /net/netfilter/Kconfig
parent	984bc16cc92ea3c247bf34ad667cfb95331b9d3c (diff)