mirror of https://github.com/mkerrisk/man-pages
ip.7: srcfix: rewrap source lines in Stephen Smalley's patch
(No content changes.) Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
3c63603499
commit
7e915f4c58
32
man7/ip.7
32
man7/ip.7
|
@ -983,21 +983,20 @@ structure as described under
|
|||
.BR SO_PEERSEC " (since Linux 2.6.17)"
|
||||
If labeled IPSEC or NetLabel is configured on both the sending and
|
||||
receiving hosts, this read-only socket option returns the security
|
||||
context of the peer socket connected to this socket. By default, this
|
||||
will be the same as the security context of the process that created
|
||||
context of the peer socket connected to this socket.
|
||||
By default,
|
||||
this will be the same as the security context of the process that created
|
||||
the peer socket unless overridden by the policy or by a process with
|
||||
the required permissions.
|
||||
.IP
|
||||
The argument to
|
||||
.BR getsockopt (2)
|
||||
is a pointer to a
|
||||
buffer of the specified length in bytes
|
||||
is a pointer to a buffer of the specified length in bytes
|
||||
into which the security context string will be copied.
|
||||
If the buffer length is less than the length of the security
|
||||
context string, then
|
||||
.BR getsockopt (2)
|
||||
will return the required length
|
||||
via
|
||||
will return the required length via
|
||||
.I optlen
|
||||
and return \-1 and sets
|
||||
.I errno
|
||||
|
@ -1006,33 +1005,34 @@ to
|
|||
The caller should allocate at least
|
||||
.BR NAME_MAX
|
||||
bytes for the buffer initially although this is not guaranteed
|
||||
to be sufficient. Resizing the buffer to the returned length
|
||||
to be sufficient.
|
||||
Resizing the buffer to the returned length
|
||||
and retrying may be necessary.
|
||||
.IP
|
||||
The security context string may include a terminating null character
|
||||
in the returned length, but is not guaranteed to do so: a security
|
||||
context "foo" might be represented as either {'f','o','o'} of length 3
|
||||
or {'f','o','o','\\0'} of length 4, which are considered to be
|
||||
interchangeable. It is printable, does not contain non-terminating
|
||||
null characters, and is in an unspecified encoding (in particular it
|
||||
interchangeable.
|
||||
It is printable, does not contain non-terminating null characters,
|
||||
and is in an unspecified encoding (in particular it
|
||||
is not guaranteed to be ASCII or UTF-8).
|
||||
.IP
|
||||
The use of this option for sockets in the
|
||||
.B AF_INET
|
||||
address family
|
||||
is supported since Linux 2.6.17
|
||||
address family is supported since Linux 2.6.17
|
||||
.\" commit 2c7946a7bf45ae86736ab3b43d0085e43947945c
|
||||
for TCP sockets and since Linux
|
||||
4.17
|
||||
for TCP sockets and since Linux 4.17
|
||||
.\" commit d452930fd3b9031e59abfeddb2fa383f1403d61a
|
||||
for SCTP sockets.
|
||||
.IP
|
||||
For SELinux, NetLabel only conveys the MLS portion of the security
|
||||
context of the peer across the wire, defaulting the rest of the
|
||||
security context to the values defined in the policy for the
|
||||
netmsg initial security identifier (SID). However, NetLabel can
|
||||
be configured to pass full security contexts over loopback. Labeled
|
||||
IPSEC always passes full security contexts as part of establishing
|
||||
netmsg initial security identifier (SID).
|
||||
However, NetLabel can
|
||||
be configured to pass full security contexts over loopback.
|
||||
Labeled IPSEC always passes full security contexts as part of establishing
|
||||
the security association (SA) and looks them up based on the association
|
||||
for each packet.
|
||||
.SS /proc interfaces
|
||||
|
|
Loading…
Reference in New Issue