LDP
/
man-pages
mirror of https://github.com/mkerrisk/man-pages
0
1
Fork 0
Code Releases Activity

ip.7: srcfix: rewrap source lines in Stephen Smalley's patch 

(No content changes.)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Michael Kerrisk 2020-09-17 09:33:46 +02:00
parent 3c63603499
commit 7e915f4c58
1 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
man7/ip.7
View File

@ -983,21 +983,20 @@ structure as described under
.BR SO_PEERSEC " (since Linux 2.6.17)"
If labeled IPSEC or NetLabel is configured on both the sending and
receiving hosts, this read-only socket option returns the security
context of the peer socket connected to this socket. By default, this
will be the same as the security context of the process that created
context of the peer socket connected to this socket.
By default,
this will be the same as the security context of the process that created
the peer socket unless overridden by the policy or by a process with
the required permissions.
.IP
The argument to
.BR getsockopt (2)
is a pointer to a
buffer of the specified length in bytes
is a pointer to a buffer of the specified length in bytes
into which the security context string will be copied.
If the buffer length is less than the length of the security
context string, then
.BR getsockopt (2)
will return the required length
via
will return the required length via
.I optlen
and return \-1 and sets
.I errno
@ -1006,33 +1005,34 @@ to
The caller should allocate at least
.BR NAME_MAX
bytes for the buffer initially although this is not guaranteed
to be sufficient. Resizing the buffer to the returned length
to be sufficient.
Resizing the buffer to the returned length
and retrying may be necessary.
.IP
The security context string may include a terminating null character
in the returned length, but is not guaranteed to do so: a security
context "foo" might be represented as either {'f','o','o'} of length 3
or {'f','o','o','\\0'} of length 4, which are considered to be
interchangeable. It is printable, does not contain non-terminating
null characters, and is in an unspecified encoding (in particular it
interchangeable.
It is printable, does not contain non-terminating null characters,
and is in an unspecified encoding (in particular it
is not guaranteed to be ASCII or UTF-8).
.IP
The use of this option for sockets in the
.B AF_INET
address family
is supported since Linux 2.6.17
address family is supported since Linux 2.6.17
.\" commit 2c7946a7bf45ae86736ab3b43d0085e43947945c
for TCP sockets and since Linux
4.17
for TCP sockets and since Linux 4.17
.\" commit d452930fd3b9031e59abfeddb2fa383f1403d61a
for SCTP sockets.
.IP
For SELinux, NetLabel only conveys the MLS portion of the security
context of the peer across the wire, defaulting the rest of the
security context to the values defined in the policy for the
netmsg initial security identifier (SID). However, NetLabel can
be configured to pass full security contexts over loopback. Labeled
IPSEC always passes full security contexts as part of establishing
netmsg initial security identifier (SID).
However, NetLabel can
be configured to pass full security contexts over loopback.
Labeled IPSEC always passes full security contexts as part of establishing
the security association (SA) and looks them up based on the association
for each packet.
.SS /proc interfaces