Re: [PATCH v2] cil_network_labeling_statements: fixes nodecon examples

On Tue, Sep 8, 2020 at 10:53 AM Dominick Grift
<dominick.grift@xxxxxxxxxxx> wrote:
>
> The order of the subnet and netmask is wrong and also the value of netmask is wrong for a single address subnet
> Use an ipaddr reserved for documentation: https://tools.ietf.org/html/rfc5737
> Add ipv6 example: https://tools.ietf.org/html/rfc3849

It seems that this patch slipped through the review process, as there
could have been some confusion about the repository it was for. It
seems to me that it is for https://github.com/SELinuxProject/selinux,
and its contents look good. Thanks!

Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>

If nobody complains, I will apply this patch tonight.
Nicolas

> Signed-off-by: Dominick Grift <dominick.grift@xxxxxxxxxxx>
> ---
> I added an ip6 example because the old style netmask makes that a bit unclear. I know I will appreciate such an example later on.
>
>  .../docs/cil_network_labeling_statements.md   | 19 ++++++++++++++-----
>  1 file changed, 14 insertions(+), 5 deletions(-)
>
> diff --git a/secilc/docs/cil_network_labeling_statements.md b/secilc/docs/cil_network_labeling_statements.md
> index 49a836c1..60aec80d 100644
> --- a/secilc/docs/cil_network_labeling_statements.md
> +++ b/secilc/docs/cil_network_labeling_statements.md
> @@ -145,12 +145,21 @@ These examples show named and anonymous [`nodecon`](cil_network_labeling_stateme
>      (context context_1 (unconfined.user object_r unconfined.object low_low))
>      (context context_2 (unconfined.user object_r unconfined.object (systemlow level_2)))
>
> -    (ipaddr netmask_1 255.255.255.0)
> -    (ipaddr ipv4_1 192.168.1.64)
> +    (ipaddr netmask_1 255.255.255.255)
> +    (ipaddr ipv4_1 192.0.2.64)
> +
> +    (nodecon ipv4_1 netmask_1 context_2)
> +    (nodecon (192.0.2.64) (255.255.255.255) context_1)
> +    (nodecon (192.0.2.64) netmask_1 (unconfined.user object_r unconfined.object ((s0) (s0 (c0)))))
> +
> +    (context context_3 (sys.id sys.role my48prefix.node ((s0)(s0))))
> +
> +    (ipaddr netmask_2 ffff:ffff:ffff:0:0:0:0:0)
> +    (ipaddr ipv6_2  2001:db8:1:0:0:0:0:0)
>
> -    (nodecon netmask_1 ipv4_1 context_2)
> -    (nodecon (255.255.255.0) (192.168.1.64) context_1)
> -    (nodecon netmask_1 (192.168.1.64) (unconfined.user object_r unconfined.object ((s0) (s0 (c0)))))
> +    (nodecon ipv6_2 netmask_2 context_3)
> +    (nodecon (2001:db8:1:0:0:0:0:0) (ffff:ffff:ffff:0:0:0:0:0) context_3)
> +    (nodecon (2001:db8:1:0:0:0:0:0) netmask_2 (sys.id sys.role my48prefix.node ((s0)(s0))))
>
>  portcon
>  -------
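
Review bot: the added `context_3` line and the last IPv6 `nodecon` use `sys.id`, `sys.role` and `my48prefix.node`, while every other context in this example uses `unconfined.user object_r unconfined.object`, and none of the lines shown in this hunk declare the `sys` or `my48prefix` names. If they are not declared elsewhere in the document's example policy, either reuse the existing `unconfined` identifiers or add the declarations, so the IPv6 statements read consistently with the IPv4 ones. Two smaller points in the same block: `(ipaddr ipv6_2  2001:db8:1:0:0:0:0:0)` has a double space after the name, and the `ipv6_2`/`netmask_2` pair describes a /48 prefix while `ipv4_1`/`netmask_1` is now a single address, so a one-line remark in the surrounding text saying which example is a host entry and which is a prefix would help readers.
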
> --
> 2.28.0
>



