Colon is not allowed in strings and breaks nft -f.
So move to quoted string in selctx output.
Before patch:
# nft list ruleset > rules.nft; cat rules.nft
table inet t {
secmark s {
system_u:object_r:ssh_server_packet_t:s0
}
}
# nft flush ruleset
# nft -f rules.nft
rules.nft:3:11-11: Error: syntax error, unexpected colon
system_u:object_r:ssh_server_packet_t:s0
^
After patch:
# nft list ruleset > rules.nft; cat rules.nft
table inet t {
secmark s {
"system_u:object_r:ssh_server_packet_t:s0"
}
}
# nft flush ruleset
# nft -f rules.nft
Fixes: 3bc84e5c ("src: add support for setting secmark")
Signed-off-by: Eric Jallot <ejallot@xxxxxxxxx>
---
src/rule.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/rule.c b/src/rule.c
index 255fe37..e4aee9d 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1820,7 +1820,7 @@ static void obj_print_data(const struct obj *obj,
if (nft_output_handle(octx))
nft_print(octx, " # handle %" PRIu64,
obj->handle.handle.id);
nft_print(octx, "%s%s%s", opts->nl, opts->tab, opts->tab);
- nft_print(octx, "%s", obj->secmark.ctx);
+ nft_print(octx, "\"%s\"", obj->secmark.ctx);
nft_print(octx, "%s", opts->nl);
break;
case NFT_OBJECT_CT_HELPER:
--
1.8.3.1
