The order of the subnet and netmask is wrong and also the value of netmask is wrong for single address subnet Use an ipaddr reserved for documentation: https://tools.ietf.org/html/rfc5737 Add ipv6 example: https://tools.ietf.org/html/rfc3849 Signed-off-by: Dominick Grift <dominick.grift@xxxxxxxxxxx> --- I added a ip6 example because the old style netmask makes that a bit unclear. I know I will appreciate such an example later on. .../docs/cil_network_labeling_statements.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/secilc/docs/cil_network_labeling_statements.md b/secilc/docs/cil_network_labeling_statements.md index 49a836c1..60aec80d 100644 --- a/secilc/docs/cil_network_labeling_statements.md +++ b/secilc/docs/cil_network_labeling_statements.md @@ -145,12 +145,21 @@ These examples show named and anonymous [`nodecon`](cil_network_labeling_stateme (context context_1 (unconfined.user object_r unconfined.object low_low)) (context context_2 (unconfined.user object_r unconfined.object (systemlow level_2))) - (ipaddr netmask_1 255.255.255.0) - (ipaddr ipv4_1 192.168.1.64) + (ipaddr netmask_1 255.255.255.255) + (ipaddr ipv4_1 192.0.2.64) + + (nodecon ipv4_1 netmask_1 context_2) + (nodecon (192.0.2.64) (255.255.255.255) context_1) + (nodecon (192.0.2.64) netmask_1 (unconfined.user object_r unconfined.object ((s0) (s0 (c0))))) + + (context context_3 (sys.id sys.role my48prefix.node ((s0)(s0)))) + + (ipaddr netmask_2 ffff:ffff:ffff:0:0:0:0:0) + (ipaddr ipv6_2 2001:db8:1:0:0:0:0:0) - (nodecon netmask_1 ipv4_1 context_2) - (nodecon (255.255.255.0) (192.168.1.64) context_1) - (nodecon netmask_1 (192.168.1.64) (unconfined.user object_r unconfined.object ((s0) (s0 (c0))))) + (nodecon ipv6_2 netmask_2 context_3) + (nodecon (2001:db8:1:0:0:0:0:0) (ffff:ffff:ffff:0:0:0:0:0) context_3) + (nodecon (2001:db8:1:0:0:0:0:0) netmask_2 (sys.id sys.role my48prefix.node ((s0)(s0)))) portcon ------- -- 2.28.0
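Review bot: In the added IPv6 lines, `(context context_3 (sys.id sys.role my48prefix.node ((s0)(s0))))` and the last anonymous `nodecon` use `sys.id`, `sys.role` and `my48prefix.node`, while every other context in this example uses `unconfined.user object_r unconfined.object`. Nothing in the visible hunk declares the three new identifiers, so a reader who copies the example block as a unit may hit unresolved names. Either reuse the `unconfined.*` names for `context_3`, or check that the surrounding example declares the new user, role and type, and add the declarations if it does not. A second, smaller point on the same lines: the IPv4 entries now label a single host (`255.255.255.255`) while the IPv6 entries label a /48 (`ffff:ffff:ffff:0:0:0:0:0`). One sentence in the doc text above the example saying which mask covers a single address and which covers a prefix would make the subnet-then-netmask ordering this patch corrects easier to follow.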