netlabelctl(1) NetLabel Documentation netlabelctl(1)NAMEnetlabelctl - NetLabel control utility
SYNOPSISnetlabelctl [<flags>] <module> [<commands>]
DESCRIPTIONnetlabelctl allows privileged users to query and manipulate the NetLa‐
bel subsystem within the kernel.
OPTIONS
Flags
-h Help message
-p Attempt to make the output "pretty"
-t <seconds>
Set a timeout to be used when waiting for the NetLabel subsystem
to respond
-v Enable extra output
-V Display the version information
Modules
mgmt The following commands are valid within this module
version
protocols
map The following commands are valid within this module
add default|domain:<domain> protocol:<protocol>[,<extra>]
del default|domain:<domain>
list
unlbl The following commands are valid within this module
accept on|off
list
cipsov4
The following commands are valid within this module
add std doi:<DOI> tags:<T1>,<Tn> levels:<LL1>=<RL1>,<LLn>=<RLn>
categories:<LC1>=<RC1>,<LCn>=<RCn>
add pass doi:<DOI> tags:<T1>,<Tn>
del doi:<DOI>
list [doi:<DOI>]
EXAMPLESnetlabelctl cipsov4 add std doi:8 tags:1 levels:0=0,1=1 cate‐
gories:0=1,1=0
Add a CIPSO/IPv4 mapping with a DOI value of "8", using CIPSO
tag "1" (the permissive bitmap tag). The specified mapping con‐
verts local LSM levels "0" and "1" to CIPSO levels "0" and "1"
respectively while local LSM categories "0" and "1" are mapped
to CIPSO categories "1" and "0" respectively.
netlabelctl map add domain:lsm_specific_string protocol:cipsov4,8
Add a domain mapping so that all outgoing packets asscoiated
with the specified LSM domain string will be labeled according
to the CIPSO/IPv4 protocol using DOI 8.
NOTES
This program is currently under development, please report any bugs to
the author.
AUTHOR
Paul Moore <paul.moore@hp.com>
SEE ALSO
<other pages to be created at a future date>
paul.moore@hp.com 14 July 2006 netlabelctl(1)