From: <ssm...@us...> - 2008-03-07 15:35:49
Revision: 2845 http://selinux.svn.sourceforge.net/selinux/?rev=2845&view=rev Author: ssmalley Date: 2008-03-07 07:35:33 -0800 (Fri, 07 Mar 2008) Log Message: ----------- Add editorial comments noting the historical nature of these reports to avoid reader confusion. Modified Paths: -------------- trunk/selinux-doc/module/changes.sgml trunk/selinux-doc/module/intro.sgml trunk/selinux-doc/module/ip.sgml trunk/selinux-doc/policy/intro.sgml Modified: trunk/selinux-doc/module/changes.sgml =================================================================== --- trunk/selinux-doc/module/changes.sgml 2008-03-07 15:30:22 UTC (rev 2844) +++ trunk/selinux-doc/module/changes.sgml 2008-03-07 15:35:33 UTC (rev 2845) @@ -491,6 +491,7 @@ 2.6. There is one exception: a getpeercon API has been implemented to support obtaining peer security contexts for Unix stream connections, and is available in Linux 2.6. +<comment>Note: The preceding statements are historical and no longer apply to modern SELinux systems, which do support labeled networking and APIs for getting peer and datagram contexts on both INET and Unix sockets.</comment> </para> </sect3> Modified: trunk/selinux-doc/module/intro.sgml =================================================================== --- trunk/selinux-doc/module/intro.sgml 2008-03-07 15:30:22 UTC (rev 2844) +++ trunk/selinux-doc/module/intro.sgml 2008-03-07 15:35:33 UTC (rev 2845) @@ -31,8 +31,6 @@ and several individuals, including Greg Kroah-Hartman and James Morris, to develop a Linux kernel patch that implements this framework. The LSM framework is included as part of the Linux 2.6 series. -Documentation and papers about LSM are available from <ulink -url="http://lsm.immunix.org/lsm_doc.html">the LSM web site</ulink>. </para> <para> 
@@ -52,5 +50,9 @@ kernel object or kernel subsystem. </para> +<para> +<comment>Note: This report predates modern enhancements to the SELinux kernel code, such as the introduction of labeled networking support (labeled IPSEC and NetLabel/CIPSO), the introduction of APIs for getting peer and datagram security contexts for INET and Unix socket IPC, and significant changes to the SELinux network access controls. Thus, while much of the discussion herein is still applicable, much has changed in modern SELinux kernels.</comment> +</para> + </sect1> Modified: trunk/selinux-doc/module/ip.sgml =================================================================== --- trunk/selinux-doc/module/ip.sgml 2008-03-07 15:30:22 UTC (rev 2844) +++ trunk/selinux-doc/module/ip.sgml 2008-03-07 15:35:33 UTC (rev 2845) @@ -15,6 +15,7 @@ using only the socket layer hooks and NetFilter hooks, and some functionality such as packet labeling was dropped from SELinux. This section describes the SELinux NetFilter hook functions. +<comment>Note: The preceding statements are historical and no longer apply to modern SELinux systems, which do include a set of network hooks and support packet labeling.</comment> </para> <para> Modified: trunk/selinux-doc/policy/intro.sgml =================================================================== --- trunk/selinux-doc/policy/intro.sgml 2008-03-07 15:30:22 UTC (rev 2844) +++ trunk/selinux-doc/policy/intro.sgml 2008-03-07 15:35:33 UTC (rev 2845) @@ -44,4 +44,8 @@ purposes. </para> +<para> +<comment>Note: This report predates the transition from using the original NSA example policy configuration to using the reference policy, and the transition from monolithic policy to modular/managed policy. Thus, while some of the discussion herein is still applicable, much has changed in modern SELinux systems.</comment> +</para> + </sect1> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
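Review bot: In trunk/selinux-doc/module/changes.sgml (@@ -491,6 +491,7), the new note sits directly after the sentence about the getpeercon exception, so "The preceding statements are historical and no longer apply" reads as covering that exception too, although the note itself goes on to say such APIs are supported. Suggest naming the statements that are outdated (the ones the getpeercon sentence is an exception to) rather than pointing at them with "preceding", or moving the note into its own <para> after this one, as the intro.sgml notes do.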
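Review bot: The first hunk of trunk/selinux-doc/module/intro.sgml (@@ -31,8 +31,6) removes the sentence with the ulink to http://lsm.immunix.org/lsm_doc.html, but the log message only mentions adding editorial comments. Please mention the link removal in the log, and consider whether the paragraph should keep a pointer to LSM documentation in some form, since after this change it cites none.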
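Review bot: In trunk/selinux-doc/module/ip.sgml (@@ -15,6 +15,7), the note is added after "This section describes the SELinux NetFilter hook functions.", so "The preceding statements ... no longer apply" literally includes that sentence as well as the ones about dropped packet labeling. Suggest placing the note before that sentence or stating which claims are historical. Placement is also inconsistent across the patch: here and in changes.sgml the <comment> is appended inside an existing <para>, while both intro.sgml files wrap it in a new <para>; picking one form would make the notes easier to find and to strip later.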
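Review bot: The two report-level notes (module/intro.sgml @@ -52,5 +50,9 and policy/intro.sgml @@ -44,4 +44,8) use different wording for the same caveat, "much of the discussion herein is still applicable, much has changed" versus "some of the discussion herein is still applicable, much has changed". If the difference is intentional it is fine, but the first reads as self-contradictory; something like "much of the discussion is still applicable, but the networking support described here has changed significantly" would be clearer. Minor style point in the same hunk: "labeled IPSEC" is usually written "labeled IPsec".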