On Fri, Oct 2, 2020 at 9:01 AM Nicolas Iooss <nicolas.iooss@xxxxxxx> wrote: > > On Tue, Sep 8, 2020 at 10:53 AM Dominick Grift > <dominick.grift@xxxxxxxxxxx> wrote: > > > > The order of the subnet and netmask is wrong and also the value of netmask is wrong for single address subnet > > Use an ipaddr reserved for documentation: https://tools.ietf.org/html/rfc5737 > > Add ipv6 example: https://tools.ietf.org/html/rfc3849 > > It seems that this patch slipped through the review process, as there > could have been some confusion about the repository it was for. It > seems to me that it is for https://github.com/SELinuxProject/selinux, > and its contents looks good. Thanks! > > Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> > > If nobody complains, I will apply this patch tonight. > Nicolas Merged. Thanks! Nicolas > > Signed-off-by: Dominick Grift <dominick.grift@xxxxxxxxxxx> > > --- > > I added a ip6 example because the old style netmask makes that a bit unclear. I know I will appreciate such an example later on. > > > > .../docs/cil_network_labeling_statements.md | 19 ++++++++++++++----- > > 1 file changed, 14 insertions(+), 5 deletions(-) > > > > diff --git a/secilc/docs/cil_network_labeling_statements.md b/secilc/docs/cil_network_labeling_statements.md > > index 49a836c1..60aec80d 100644 > > --- a/secilc/docs/cil_network_labeling_statements.md > > +++ b/secilc/docs/cil_network_labeling_statements.md > > @@ -145,12 +145,21 @@ These examples show named and anonymous [`nodecon`](cil_network_labeling_stateme > > (context context_1 (unconfined.user object_r unconfined.object low_low)) > > (context context_2 (unconfined.user object_r unconfined.object (systemlow level_2))) > > > > - (ipaddr netmask_1 255.255.255.0) > > - (ipaddr ipv4_1 192.168.1.64) > > + (ipaddr netmask_1 255.255.255.255) > > + (ipaddr ipv4_1 192.0.2.64) > > + > > + (nodecon ipv4_1 netmask_1 context_2) > > + (nodecon (192.0.2.64) (255.255.255.255) context_1) > > + (nodecon (192.0.2.64) netmask_1 (unconfined.user object_r unconfined.object ((s0) (s0 (c0))))) > > + > > + (context context_3 (sys.id sys.role my48prefix.node ((s0)(s0)))) > > + > > + (ipaddr netmask_2 ffff:ffff:ffff:0:0:0:0:0) > > + (ipaddr ipv6_2 2001:db8:1:0:0:0:0:0) > > > > - (nodecon netmask_1 ipv4_1 context_2) > > - (nodecon (255.255.255.0) (192.168.1.64) context_1) > > - (nodecon netmask_1 (192.168.1.64) (unconfined.user object_r unconfined.object ((s0) (s0 (c0))))) > > + (nodecon ipv6_2 netmask_2 context_3) > > + (nodecon (2001:db8:1:0:0:0:0:0) (ffff:ffff:ffff:0:0:0:0:0) context_3) > > + (nodecon (2001:db8:1:0:0:0:0:0) netmask_2 (sys.id sys.role my48prefix.node ((s0)(s0)))) > > > > portcon > > ------- > > -- > > 2.28.0 > >
