docs: netlabel: convert docs to ReST and rename to *.rst

Convert netlabel documentation to ReST. This was trivial: just add proper title markups. At its new index.rst, let's add a :orphan: while this is not linked to the main index.rst file, in order to avoid build warnings. Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
author: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> 2019-06-12 13:52:52 -0400
committer: Jonathan Corbet <corbet@lwn.net> 2019-06-14 16:23:30 -0400
commit: 593733ab80ac2c607acc1fc3fbaba5031d38253a (patch)
tree: d7cc25050c596e7843fc2ad013812aeebc35a793 /Documentation/netlabel
parent: 09bbf055c3329008522b4a9814afe412c202daa7 (diff)
5 files changed, 61 insertions, 16 deletions
diff --git a/Documentation/netlabel/cipso_ipv4.txt b/Documentation/netlabel/cipso_ipv4.rst
index a6075481fd60..cbd3f3231221 100644
--- a/Documentation/netlabel/cipso_ipv4.txt
+++ b/Documentation/netlabel/cipso_ipv4.rst
@@ -1,10 +1,13 @@
+===================================
 NetLabel CIPSO/IPv4 Protocol Engine
-==============================================================================
+===================================
 Paul Moore, paul.moore@hp.com
 May 17, 2006
- * Overview
+Overview
+========
 The NetLabel CIPSO/IPv4 protocol engine is based on the IETF Commercial
 IP Security Option (CIPSO) draft from July 16, 1992.  A copy of this
@@ -13,7 +16,8 @@ draft can be found in this directory
 it to an RFC standard it has become a de-facto standard for labeled
 networking and is used in many trusted operating systems.
- * Outbound Packet Processing
+Outbound Packet Processing
+==========================
 The CIPSO/IPv4 protocol engine applies the CIPSO IP option to packets by
 adding the CIPSO label to the socket.  This causes all packets leaving the
@@ -24,7 +28,8 @@ label by using the NetLabel security module API; if the NetLabel "domain" is
 configured to use CIPSO for packet labeling then a CIPSO IP option will be
 generated and attached to the socket.
- * Inbound Packet Processing
+Inbound Packet Processing
+=========================
 The CIPSO/IPv4 protocol engine validates every CIPSO IP option it finds at the
 IP layer without any special handling required by the LSM.  However, in order
@@ -33,7 +38,8 @@ NetLabel security module API to extract the security attributes of the packet.
 This is typically done at the socket layer using the 'socket_sock_rcv_skb()'
 LSM hook.
- * Label Translation
+Label Translation
+=================
 The CIPSO/IPv4 protocol engine contains a mechanism to translate CIPSO security
 attributes such as sensitivity level and category to values which are
@@ -42,7 +48,8 @@ Domain Of Interpretation (DOI) definition and are configured through the
 NetLabel user space communication layer.  Each DOI definition can have a
 different security attribute mapping table.
- * Label Translation Cache
+Label Translation Cache
+=======================
 The NetLabel system provides a framework for caching security attribute
 mappings from the network labels to the corresponding LSM identifiers.  The
diff --git a/Documentation/netlabel/draft_ietf.rst b/Documentation/netlabel/draft_ietf.rst
new file mode 100644
index 000000000000..5ed39ab8234b
--- /dev/null
+++ b/Documentation/netlabel/draft_ietf.rst
@@ -0,0 +1,5 @@
+Draft IETF CIPSO IP Security
+----------------------------
+ .. include:: draft-ietf-cipso-ipsecurity-01.txt
+    :literal:
diff --git a/Documentation/netlabel/index.rst b/Documentation/netlabel/index.rst
new file mode 100644
index 000000000000..47f1e0e5acd1
--- /dev/null
+++ b/Documentation/netlabel/index.rst
@@ -0,0 +1,21 @@
+:orphan:
+========
+NetLabel
+========
+.. toctree::
+    :maxdepth: 1
+    introduction
+    cipso_ipv4
+    lsm_interface
+    draft_ietf
+.. only::  subproject and html
+   Indices
+   =======
+   * :ref:`genindex`
diff --git a/Documentation/netlabel/introduction.txt b/Documentation/netlabel/introduction.rst
index 3caf77bcff0f..9333bbb0adc1 100644
--- a/Documentation/netlabel/introduction.txt
+++ b/Documentation/netlabel/introduction.rst
@@ -1,10 +1,13 @@
+=====================
 NetLabel Introduction
-==============================================================================
+=====================
 Paul Moore, paul.moore@hp.com
 August 2, 2006
- * Overview
+Overview
+========
 NetLabel is a mechanism which can be used by kernel security modules to attach
 security attributes to outgoing network packets generated from user space
@@ -12,7 +15,8 @@ applications and read security attributes from incoming network packets.  It
 is composed of three main components, the protocol engines, the communication
 layer, and the kernel security module API.
- * Protocol Engines
+Protocol Engines
+================
 The protocol engines are responsible for both applying and retrieving the
 network packet's security attributes.  If any translation between the network
@@ -24,7 +28,8 @@ the NetLabel kernel security module API described below.
 Detailed information about each NetLabel protocol engine can be found in this
 directory.
- * Communication Layer
+Communication Layer
+===================
 The communication layer exists to allow NetLabel configuration and monitoring
 from user space.  The NetLabel communication layer uses a message based
@@ -33,7 +38,8 @@ formatting of these NetLabel messages as well as the Generic NETLINK family
 names can be found in the 'net/netlabel/' directory as comments in the
 header files as well as in 'include/net/netlabel.h'.
- * Security Module API
+Security Module API
+===================
 The purpose of the NetLabel security module API is to provide a protocol
 independent interface to the underlying NetLabel protocol engines.  In addition
diff --git a/Documentation/netlabel/lsm_interface.txt b/Documentation/netlabel/lsm_interface.rst
index 638c74f7de7f..026fc267f798 100644
--- a/Documentation/netlabel/lsm_interface.txt
+++ b/Documentation/netlabel/lsm_interface.rst
@@ -1,10 +1,13 @@
+========================================
 NetLabel Linux Security Module Interface
-==============================================================================
+========================================
 Paul Moore, paul.moore@hp.com
 May 17, 2006
- * Overview
+Overview
+========
 NetLabel is a mechanism which can set and retrieve security attributes from
 network packets.  It is intended to be used by LSM developers who want to make
@@ -12,7 +15,8 @@ use of a common code base for several different packet labeling protocols.
 The NetLabel security module API is defined in 'include/net/netlabel.h' but a
 brief overview is given below.
- * NetLabel Security Attributes
+NetLabel Security Attributes
+============================
 Since NetLabel supports multiple different packet labeling protocols and LSMs
 it uses the concept of security attributes to refer to the packet's security
@@ -24,7 +28,8 @@ configuration.  It is up to the LSM developer to translate the NetLabel
 security attributes into whatever security identifiers are in use for their
 particular LSM.
- * NetLabel LSM Protocol Operations
+NetLabel LSM Protocol Operations
+================================
 These are the functions which allow the LSM developer to manipulate the labels
 on outgoing packets as well as read the labels on incoming packets.  Functions
@@ -32,7 +37,8 @@ exist to operate both on sockets as well as the sk_buffs directly.  These high
 level functions are translated into low level protocol operations based on how
 the administrator has configured the NetLabel subsystem.
- * NetLabel Label Mapping Cache Operations
+NetLabel Label Mapping Cache Operations
+=======================================
 Depending on the exact configuration, translation between the network packet
 label and the internal LSM security identifier can be time consuming.  The
author	Mauro Carvalho Chehab <mchehab+samsung@kernel.org>	2019-06-12 13:52:52 -0400
committer	Jonathan Corbet <corbet@lwn.net>	2019-06-14 16:23:30 -0400
commit	593733ab80ac2c607acc1fc3fbaba5031d38253a (patch)
tree	d7cc25050c596e7843fc2ad013812aeebc35a793 /Documentation/netlabel
parent	09bbf055c3329008522b4a9814afe412c202daa7 (diff)

diff --git a/Documentation/netlabel/cipso_ipv4.txt b/Documentation/netlabel/cipso_ipv4.rst index a6075481fd60..cbd3f3231221 100644 --- a/Documentation/netlabel/cipso_ipv4.txt +++ b/Documentation/netlabel/cipso_ipv4.rst
@@ -1,10 +1,13 @@
		1	===================================
1	NetLabel CIPSO/IPv4 Protocol Engine	2	NetLabel CIPSO/IPv4 Protocol Engine
2	==============================================================================	3	===================================
		4
3	Paul Moore, paul.moore@hp.com	5	Paul Moore, paul.moore@hp.com
4		6
5	May 17, 2006	7	May 17, 2006
6		8
7	* Overview	9	Overview
		10	========
8		11
9	The NetLabel CIPSO/IPv4 protocol engine is based on the IETF Commercial	12	The NetLabel CIPSO/IPv4 protocol engine is based on the IETF Commercial
10	IP Security Option (CIPSO) draft from July 16, 1992. A copy of this	13	IP Security Option (CIPSO) draft from July 16, 1992. A copy of this
@@ -13,7 +16,8 @@ draft can be found in this directory
13	it to an RFC standard it has become a de-facto standard for labeled	16	it to an RFC standard it has become a de-facto standard for labeled
14	networking and is used in many trusted operating systems.	17	networking and is used in many trusted operating systems.
15		18
16	* Outbound Packet Processing	19	Outbound Packet Processing
		20	==========================
17		21
18	The CIPSO/IPv4 protocol engine applies the CIPSO IP option to packets by	22	The CIPSO/IPv4 protocol engine applies the CIPSO IP option to packets by
19	adding the CIPSO label to the socket. This causes all packets leaving the	23	adding the CIPSO label to the socket. This causes all packets leaving the
@@ -24,7 +28,8 @@ label by using the NetLabel security module API; if the NetLabel "domain" is
24	configured to use CIPSO for packet labeling then a CIPSO IP option will be	28	configured to use CIPSO for packet labeling then a CIPSO IP option will be
25	generated and attached to the socket.	29	generated and attached to the socket.
26		30
27	* Inbound Packet Processing	31	Inbound Packet Processing
		32	=========================
28		33
29	The CIPSO/IPv4 protocol engine validates every CIPSO IP option it finds at the	34	The CIPSO/IPv4 protocol engine validates every CIPSO IP option it finds at the
30	IP layer without any special handling required by the LSM. However, in order	35	IP layer without any special handling required by the LSM. However, in order
@@ -33,7 +38,8 @@ NetLabel security module API to extract the security attributes of the packet.
33	This is typically done at the socket layer using the 'socket_sock_rcv_skb()'	38	This is typically done at the socket layer using the 'socket_sock_rcv_skb()'
34	LSM hook.	39	LSM hook.
35		40
36	* Label Translation	41	Label Translation
		42	=================
37		43
38	The CIPSO/IPv4 protocol engine contains a mechanism to translate CIPSO security	44	The CIPSO/IPv4 protocol engine contains a mechanism to translate CIPSO security
39	attributes such as sensitivity level and category to values which are	45	attributes such as sensitivity level and category to values which are
@@ -42,7 +48,8 @@ Domain Of Interpretation (DOI) definition and are configured through the
42	NetLabel user space communication layer. Each DOI definition can have a	48	NetLabel user space communication layer. Each DOI definition can have a
43	different security attribute mapping table.	49	different security attribute mapping table.
44		50
45	* Label Translation Cache	51	Label Translation Cache
		52	=======================
46		53
47	The NetLabel system provides a framework for caching security attribute	54	The NetLabel system provides a framework for caching security attribute
48	mappings from the network labels to the corresponding LSM identifiers. The	55	mappings from the network labels to the corresponding LSM identifiers. The


diff --git a/Documentation/netlabel/draft_ietf.rst b/Documentation/netlabel/draft_ietf.rst new file mode 100644 index 000000000000..5ed39ab8234b --- /dev/null +++ b/Documentation/netlabel/draft_ietf.rst
@@ -0,0 +1,5 @@
		1	Draft IETF CIPSO IP Security
		2	----------------------------
		3
		4	.. include:: draft-ietf-cipso-ipsecurity-01.txt
		5	:literal:


diff --git a/Documentation/netlabel/index.rst b/Documentation/netlabel/index.rst new file mode 100644 index 000000000000..47f1e0e5acd1 --- /dev/null +++ b/Documentation/netlabel/index.rst
@@ -0,0 +1,21 @@
		1	:orphan:
		2
		3	========
		4	NetLabel
		5	========
		6
		7	.. toctree::
		8	:maxdepth: 1
		9
		10	introduction
		11	cipso_ipv4
		12	lsm_interface
		13
		14	draft_ietf
		15
		16	.. only:: subproject and html
		17
		18	Indices
		19	=======
		20
		21	* :ref:`genindex`


diff --git a/Documentation/netlabel/introduction.txt b/Documentation/netlabel/introduction.rst index 3caf77bcff0f..9333bbb0adc1 100644 --- a/Documentation/netlabel/introduction.txt +++ b/Documentation/netlabel/introduction.rst
@@ -1,10 +1,13 @@
		1	=====================
1	NetLabel Introduction	2	NetLabel Introduction
2	==============================================================================	3	=====================
		4
3	Paul Moore, paul.moore@hp.com	5	Paul Moore, paul.moore@hp.com
4		6
5	August 2, 2006	7	August 2, 2006
6		8
7	* Overview	9	Overview
		10	========
8		11
9	NetLabel is a mechanism which can be used by kernel security modules to attach	12	NetLabel is a mechanism which can be used by kernel security modules to attach
10	security attributes to outgoing network packets generated from user space	13	security attributes to outgoing network packets generated from user space
@@ -12,7 +15,8 @@ applications and read security attributes from incoming network packets. It
12	is composed of three main components, the protocol engines, the communication	15	is composed of three main components, the protocol engines, the communication
13	layer, and the kernel security module API.	16	layer, and the kernel security module API.
14		17
15	* Protocol Engines	18	Protocol Engines
		19	================
16		20
17	The protocol engines are responsible for both applying and retrieving the	21	The protocol engines are responsible for both applying and retrieving the
18	network packet's security attributes. If any translation between the network	22	network packet's security attributes. If any translation between the network
@@ -24,7 +28,8 @@ the NetLabel kernel security module API described below.
24	Detailed information about each NetLabel protocol engine can be found in this	28	Detailed information about each NetLabel protocol engine can be found in this
25	directory.	29	directory.
26		30
27	* Communication Layer	31	Communication Layer
		32	===================
28		33
29	The communication layer exists to allow NetLabel configuration and monitoring	34	The communication layer exists to allow NetLabel configuration and monitoring
30	from user space. The NetLabel communication layer uses a message based	35	from user space. The NetLabel communication layer uses a message based
@@ -33,7 +38,8 @@ formatting of these NetLabel messages as well as the Generic NETLINK family
33	names can be found in the 'net/netlabel/' directory as comments in the	38	names can be found in the 'net/netlabel/' directory as comments in the
34	header files as well as in 'include/net/netlabel.h'.	39	header files as well as in 'include/net/netlabel.h'.
35		40
36	* Security Module API	41	Security Module API
		42	===================
37		43
38	The purpose of the NetLabel security module API is to provide a protocol	44	The purpose of the NetLabel security module API is to provide a protocol
39	independent interface to the underlying NetLabel protocol engines. In addition	45	independent interface to the underlying NetLabel protocol engines. In addition


diff --git a/Documentation/netlabel/lsm_interface.txt b/Documentation/netlabel/lsm_interface.rst index 638c74f7de7f..026fc267f798 100644 --- a/Documentation/netlabel/lsm_interface.txt +++ b/Documentation/netlabel/lsm_interface.rst
@@ -1,10 +1,13 @@
		1	========================================
1	NetLabel Linux Security Module Interface	2	NetLabel Linux Security Module Interface
2	==============================================================================	3	========================================
		4
3	Paul Moore, paul.moore@hp.com	5	Paul Moore, paul.moore@hp.com
4		6
5	May 17, 2006	7	May 17, 2006
6		8
7	* Overview	9	Overview
		10	========
8		11
9	NetLabel is a mechanism which can set and retrieve security attributes from	12	NetLabel is a mechanism which can set and retrieve security attributes from
10	network packets. It is intended to be used by LSM developers who want to make	13	network packets. It is intended to be used by LSM developers who want to make
@@ -12,7 +15,8 @@ use of a common code base for several different packet labeling protocols.
12	The NetLabel security module API is defined in 'include/net/netlabel.h' but a	15	The NetLabel security module API is defined in 'include/net/netlabel.h' but a
13	brief overview is given below.	16	brief overview is given below.
14		17
15	* NetLabel Security Attributes	18	NetLabel Security Attributes
		19	============================
16		20
17	Since NetLabel supports multiple different packet labeling protocols and LSMs	21	Since NetLabel supports multiple different packet labeling protocols and LSMs
18	it uses the concept of security attributes to refer to the packet's security	22	it uses the concept of security attributes to refer to the packet's security
@@ -24,7 +28,8 @@ configuration. It is up to the LSM developer to translate the NetLabel
24	security attributes into whatever security identifiers are in use for their	28	security attributes into whatever security identifiers are in use for their
25	particular LSM.	29	particular LSM.
26		30
27	* NetLabel LSM Protocol Operations	31	NetLabel LSM Protocol Operations
		32	================================
28		33
29	These are the functions which allow the LSM developer to manipulate the labels	34	These are the functions which allow the LSM developer to manipulate the labels
30	on outgoing packets as well as read the labels on incoming packets. Functions	35	on outgoing packets as well as read the labels on incoming packets. Functions
@@ -32,7 +37,8 @@ exist to operate both on sockets as well as the sk_buffs directly. These high
32	level functions are translated into low level protocol operations based on how	37	level functions are translated into low level protocol operations based on how
33	the administrator has configured the NetLabel subsystem.	38	the administrator has configured the NetLabel subsystem.
34		39
35	* NetLabel Label Mapping Cache Operations	40	NetLabel Label Mapping Cache Operations
		41	=======================================
36		42
37	Depending on the exact configuration, translation between the network packet	43	Depending on the exact configuration, translation between the network packet
38	label and the internal LSM security identifier can be time consuming. The	44	label and the internal LSM security identifier can be time consuming. The