On Thu, Apr 14, 2022 at 10:25 AM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Wed, Apr 13, 2022 at 9:25 PM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > checkpolicy(8) since 01b88ac3 ("checkpolicy: warn on bogus IP address or
> > netmask in nodecon statement") warns about host bits set in IPv6
> > addresses.
> > Adjust IPv6 netmasks in the libsepol tests so that the used address ::1
> > does not set any host bits and running the tests does not print several
> > of the following warnings:
> >
> > net_contexts:15:WARNING 'host bits in ipv6 address set' at token '' on line 594:
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>
Merged.
Thanks,
Jim
> > ---
> > libsepol/tests/policies/test-deps/base-metreq.conf | 2 +-
> > libsepol/tests/policies/test-deps/base-notmetreq.conf | 2 +-
> > libsepol/tests/policies/test-deps/small-base.conf | 2 +-
> > libsepol/tests/policies/test-expander/alias-base.conf | 2 +-
> > libsepol/tests/policies/test-expander/role-base.conf | 2 +-
> > libsepol/tests/policies/test-expander/small-base.conf | 2 +-
> > libsepol/tests/policies/test-expander/user-base.conf | 2 +-
> > libsepol/tests/policies/test-hooks/cmp_policy.conf | 2 +-
> > libsepol/tests/policies/test-hooks/small-base.conf | 2 +-
> > libsepol/tests/policies/test-linker/small-base.conf | 2 +-
> > 10 files changed, 10 insertions(+), 10 deletions(-)
> >
> > diff --git a/libsepol/tests/policies/test-deps/base-metreq.conf b/libsepol/tests/policies/test-deps/base-metreq.conf
> > index 3e2f8407..b7528dde 100644
> > --- a/libsepol/tests/policies/test-deps/base-metreq.conf
> > +++ b/libsepol/tests/policies/test-deps/base-metreq.conf
> > @@ -516,7 +516,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0)
> > #
> > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0
> >
> > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0)
> > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0)
> >
> >
> >
> > diff --git a/libsepol/tests/policies/test-deps/base-notmetreq.conf b/libsepol/tests/policies/test-deps/base-notmetreq.conf
> > index 8ff3d204..eee36dca 100644
> > --- a/libsepol/tests/policies/test-deps/base-notmetreq.conf
> > +++ b/libsepol/tests/policies/test-deps/base-notmetreq.conf
> > @@ -503,7 +503,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0)
> > #
> > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0
> >
> > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0)
> > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0)
> >
> >
> >
> > diff --git a/libsepol/tests/policies/test-deps/small-base.conf b/libsepol/tests/policies/test-deps/small-base.conf
> > index 1411e624..98f49c23 100644
> > --- a/libsepol/tests/policies/test-deps/small-base.conf
> > +++ b/libsepol/tests/policies/test-deps/small-base.conf
> > @@ -504,7 +504,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0)
> > #
> > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0
> >
> > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0)
> > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0)
> >
> >
> >
> > diff --git a/libsepol/tests/policies/test-expander/alias-base.conf b/libsepol/tests/policies/test-expander/alias-base.conf
> > index 57d4520e..b950039d 100644
> > --- a/libsepol/tests/policies/test-expander/alias-base.conf
> > +++ b/libsepol/tests/policies/test-expander/alias-base.conf
> > @@ -494,7 +494,7 @@ genfscon proc / gen_context(system_u:object_r:system_t, s0)
> > #
> > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0
> >
> > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:system_t, s0)
> > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:system_t, s0)
> >
> >
> >
> > diff --git a/libsepol/tests/policies/test-expander/role-base.conf b/libsepol/tests/policies/test-expander/role-base.conf
> > index a603390b..8e88b4be 100644
> > --- a/libsepol/tests/policies/test-expander/role-base.conf
> > +++ b/libsepol/tests/policies/test-expander/role-base.conf
> > @@ -476,7 +476,7 @@ genfscon proc / gen_context(system_u:object_r:system_t, s0)
> > #
> > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0
> >
> > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:system_t, s0)
> > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:system_t, s0)
> >
> >
> >
> > diff --git a/libsepol/tests/policies/test-expander/small-base.conf b/libsepol/tests/policies/test-expander/small-base.conf
> > index 20005e3f..055ea054 100644
> > --- a/libsepol/tests/policies/test-expander/small-base.conf
> > +++ b/libsepol/tests/policies/test-expander/small-base.conf
> > @@ -714,7 +714,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0)
> > #
> > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0
> >
> > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0)
> > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0)
> >
> >
> >
> > diff --git a/libsepol/tests/policies/test-expander/user-base.conf b/libsepol/tests/policies/test-expander/user-base.conf
> > index 1f84fd76..b31ee8cd 100644
> > --- a/libsepol/tests/policies/test-expander/user-base.conf
> > +++ b/libsepol/tests/policies/test-expander/user-base.conf
> > @@ -480,7 +480,7 @@ genfscon proc / gen_context(system_u:object_r:system_t, s0)
> > #
> > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0
> >
> > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:system_t, s0)
> > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:system_t, s0)
> >
> >
> >
> > diff --git a/libsepol/tests/policies/test-hooks/cmp_policy.conf b/libsepol/tests/policies/test-hooks/cmp_policy.conf
> > index 1eccf4a8..9082b333 100644
> > --- a/libsepol/tests/policies/test-hooks/cmp_policy.conf
> > +++ b/libsepol/tests/policies/test-hooks/cmp_policy.conf
> > @@ -464,7 +464,7 @@ genfscon proc / gen_context(g_b_user_1:object_r:g_b_type_1, s0)
> > #
> > #nodecon 127.0.0.1 255.255.255.255 g_b_user_1:object_r:net_foo_t:s0
> >
> > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(g_b_user_1:object_r:g_b_type_1, s0)
> > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(g_b_user_1:object_r:g_b_type_1, s0)
> >
> >
> >
> > diff --git a/libsepol/tests/policies/test-hooks/small-base.conf b/libsepol/tests/policies/test-hooks/small-base.conf
> > index 1eccf4a8..9082b333 100644
> > --- a/libsepol/tests/policies/test-hooks/small-base.conf
> > +++ b/libsepol/tests/policies/test-hooks/small-base.conf
> > @@ -464,7 +464,7 @@ genfscon proc / gen_context(g_b_user_1:object_r:g_b_type_1, s0)
> > #
> > #nodecon 127.0.0.1 255.255.255.255 g_b_user_1:object_r:net_foo_t:s0
> >
> > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(g_b_user_1:object_r:g_b_type_1, s0)
> > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(g_b_user_1:object_r:g_b_type_1, s0)
> >
> >
> >
> > diff --git a/libsepol/tests/policies/test-linker/small-base.conf b/libsepol/tests/policies/test-linker/small-base.conf
> > index 2bc14656..890ebbeb 100644
> > --- a/libsepol/tests/policies/test-linker/small-base.conf
> > +++ b/libsepol/tests/policies/test-linker/small-base.conf
> > @@ -593,7 +593,7 @@ genfscon proc / gen_context(g_b_user_1:object_r:g_b_type_1, s0)
> > #
> > #nodecon 127.0.0.1 255.255.255.255 g_b_user_1:object_r:net_foo_t:s0
> >
> > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(g_b_user_1:object_r:g_b_type_1, s0)
> > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(g_b_user_1:object_r:g_b_type_1, s0)
> >
> >
> >
> > --
> > 2.35.2
> >
