Merge branch 'upstream'

author: Jeff Garzik <jgarzik@pobox.com> 2006-01-17 18:29:06 +0300
committer: Jeff Garzik <jgarzik@pobox.com> 2006-01-17 18:29:06 +0300
commit: ea9b395fe20ac74be788f415af2622ac8f0c35c7 (patch)
tree: d1653e1a4cbe360aa7132ea4e29ab92a02038224 /security/Kconfig
parent: 61420e147a706ee7c7a902008045547fb2a2a330 (diff)
parent: 1bc4ccfff8675adc3d96f91245eb7e2dc0043ca9 (diff)
download: linux-ea9b395fe20ac74be788f415af2622ac8f0c35c7.tar.xz
1 files changed, 13 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig
index 64d3f1e9ca85..34f593410d57 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -54,6 +54,19 @@ config SECURITY_NETWORK
 	  implement socket and networking access controls.
 	  If you are unsure how to answer this question, answer N.
 
+config SECURITY_NETWORK_XFRM
+	bool "XFRM (IPSec) Networking Security Hooks"
+	depends on XFRM && SECURITY_NETWORK
+	help
+	  This enables the XFRM (IPSec) networking security hooks.
+	  If enabled, a security module can use these hooks to
+	  implement per-packet access controls based on labels
+	  derived from IPSec policy.  Non-IPSec communications are
+	  designated as unlabelled, and only sockets authorized
+	  to communicate unlabelled data can send without using
+	  IPSec.
+	  If you are unsure how to answer this question, answer N.
+
 config SECURITY_CAPABILITIES
 	tristate "Default Linux Capabilities"
 	depends on SECURITY
author	Jeff Garzik <jgarzik@pobox.com>	2006-01-17 18:29:06 +0300
committer	Jeff Garzik <jgarzik@pobox.com>	2006-01-17 18:29:06 +0300
commit	ea9b395fe20ac74be788f415af2622ac8f0c35c7 (patch)
tree	d1653e1a4cbe360aa7132ea4e29ab92a02038224 /security/Kconfig
parent	61420e147a706ee7c7a902008045547fb2a2a330 (diff)
parent	1bc4ccfff8675adc3d96f91245eb7e2dc0043ca9 (diff)
download	linux-ea9b395fe20ac74be788f415af2622ac8f0c35c7.tar.xz