rpms/netlabel_tools/devel netlabel_tools-0.17-newlibnl.patch, NONE, 1.1 netlabel.rules, 1.1, 1.2 netlabel_tools.spec, 1.6, 1.7
Steve Conklin (sconklin)
fedora-extras-commits at redhat.com
Thu Feb 7 19:06:30 UTC 2008
- Previous message (by thread): rpms/kde-filesystem/F-8 kde-filesystem.spec,1.11,1.12
- Next message (by thread): rpms/xkeyboard-config/OLPC-2 xkeyboard-config-olpc-af-AE09.patch, NONE, 1.1 xkeyboard-config-olpc-kh-olpc-section-add.patch, NONE, 1.1 xkeyboard-config-olpc-misc.patch, NONE, 1.1 xkeyboard-config.spec, 1.17, 1.18
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: sconklin
Update of /cvs/pkgs/rpms/netlabel_tools/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20706
Modified Files:
netlabel.rules netlabel_tools.spec
Added Files:
netlabel_tools-0.17-newlibnl.patch
Log Message:
Changes to match upstream
netlabel_tools-0.17-newlibnl.patch:
--- NEW FILE netlabel_tools-0.17-newlibnl.patch ---
--- netlabel_tools-0.17/libnetlabel/netlabel_comm.c.spc 2008-02-07 08:57:38.000000000 -0600
+++ netlabel_tools-0.17/libnetlabel/netlabel_comm.c 2008-02-07 09:02:01.000000000 -0600
@@ -8,19 +8,17 @@
/*
* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
- * the GNU General Public License for more details.
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
@@ -100,7 +98,10 @@
goto open_failure;
/* set the netlink handle properties */
-#if LIBNL_VERSION >= 1006
+#if LIBNL_VERSION >= 1008
+ nl_socket_set_peer_port(hndl->nl_hndl, 0);
+ nl_set_passcred(hndl->nl_hndl, 1);
+#elif LIBNL_VERSION == 1006
nl_handle_set_peer_pid(hndl->nl_hndl, 0);
nl_set_passcred(hndl->nl_hndl, 1);
#endif
@@ -177,7 +178,11 @@
* is waiting to be read from the handle */
timeout.tv_sec = nlcomm_read_timeout;
timeout.tv_usec = 0;
+#if LIBNL_VERSION >= 1008
+ nl_fd = nl_socket_get_fd(hndl->nl_hndl);
+#else
nl_fd = nl_handle_get_fd(hndl->nl_hndl);
+#endif
FD_ZERO(&read_fds);
FD_SET(nl_fd, &read_fds);
ret_val = select(nl_fd + 1, &read_fds, NULL, NULL, &timeout);
@@ -250,7 +255,11 @@
* is waiting to be read from the handle */
timeout.tv_sec = nlcomm_read_timeout;
timeout.tv_usec = 0;
+#if LIBNL_VERSION >= 1008
+ nl_fd = nl_socket_get_fd(hndl->nl_hndl);
+#else
nl_fd = nl_handle_get_fd(hndl->nl_hndl);
+#endif
FD_ZERO(&read_fds);
FD_SET(nl_fd, &read_fds);
ret_val = select(nl_fd + 1, &read_fds, NULL, NULL, &timeout);
@@ -349,6 +358,6 @@
#if LIBNL_VERSION == 1005
return nl_send_auto_complete(hndl->nl_hndl, nlbl_msg_nlhdr(msg));
#elif LIBNL_VERSION >= 1006
- return = nl_send_auto_complete(hndl->nl_hndl, msg);
+ return nl_send_auto_complete(hndl->nl_hndl, msg);
#endif
}
--- netlabel_tools-0.17/libnetlabel/netlabel_internal.h.spc 2008-02-07 08:58:27.000000000 -0600
+++ netlabel_tools-0.17/libnetlabel/netlabel_internal.h 2008-02-07 09:02:01.000000000 -0600
@@ -8,19 +8,17 @@
/*
* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
- * the GNU General Public License for more details.
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
@@ -37,11 +35,12 @@
/* Specify which version of libnl we are using */
/* 1.0-pre5 => 1005 */
/* 1.0-pre6 => 1006 */
-#define LIBNL_VERSION 1005
+/* 1.0-pre8 => 1008 */
+#define LIBNL_VERSION 1008
/* XXX - this whole block will most likely go away once libnl supports Generic
* Netlink */
-#if 1 /* Generic Netlink types */
+#if LIBNL_VERSION <= 1006 /* Generic Netlink types */
/* Generic Netlink message header */
struct genlmsghdr {
--- netlabel_tools-0.17/libnetlabel/netlabel_msg.c.spc 2008-02-07 08:57:55.000000000 -0600
+++ netlabel_tools-0.17/libnetlabel/netlabel_msg.c 2008-02-07 09:02:01.000000000 -0600
@@ -8,19 +8,17 @@
/*
* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
- * the GNU General Public License for more details.
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
@@ -52,7 +50,11 @@
struct genlmsghdr genl_hdr;
/* create the message with a simple netlink header */
+#if LIBNL_VERSION >= 1008
+ msg = nlmsg_alloc();
+#else
msg = nlmsg_build_no_hdr();
+#endif
if (msg == NULL)
goto msg_new_failure;
Index: netlabel.rules
===================================================================
RCS file: /cvs/pkgs/rpms/netlabel_tools/devel/netlabel.rules,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- netlabel.rules 16 Oct 2006 20:37:32 -0000 1.1
+++ netlabel.rules 7 Feb 2008 19:05:38 -0000 1.2
@@ -1,9 +1,59 @@
-# This file contains the rules for the Netlabel subsystem
+# This file contains the rules for the Netlabel subsystem, for more information
+# please see the netlabelctl(1) man page.
+#
# Each line contains just the arguments to the netlabel command
-# creates a CIPSO/IPv4 definition using a DOI value of 1
-cipsov4 add std doi:1 tags:1 levels:0=0,1=1,2=2 categories:0=0,1=1,2=2
+####
+# NOTE: By default the kernel sends unlabeled traffic and allows unlabled
+# traffic into the system, to disable that add the following two lines to
+# the beginning of your configuration. However, be warned that you
+# should only change these settings if you know what you are doing as you
+# could accidently disable networking with a bad configuration.
+#
-# tell the NetLabel system to use this CIPSO/IPv4 defintion by default
-mgmt add default protocol:cipsov4,1
+# Remove the default domain mapping
+#map del default
+# Do not accept incoming unlabeled packets
+#unlbl accept off
+
+####
+# Unlabeled examples:
+#
+
+# Enable unlabeled packets
+#unlbl accept on
+
+# Disable unlabeled packets
+#unlbl accept off
+
+
+####
+# CIPSOv4 examples:
+#
+
+# Create a CIPSOv4 DOI definition using a pass-through mapping with a DOI
+# value of 6 and the restricted bitmap tag (CIPSOv4 tag type #1)
+#cipsov4 add pass doi:6 tags:1
+
+# Create a CIPSOv4 DOI definition using a standard mapping with a DOI value
+# of 8 and the restricted bitmap tag (CIPSOv4 tag type #1). The example
+# below maps MLS sensitivity levels and categories 0 through 2 to the same
+# values for both CIPSO and the Linux LSM
+#cipsov4 add std doi:8 tags:1 levels:0=0,1=1,2=2 categories:0=0,1=1,2=2
+
+
+####
+# LSM mapping examples:
+#
+
+# Create a default mapping for all LSM domains using the unlabeled protocol
+#map add default protocol:unlbl
+
+# Create a default mapping for all LSM domains using the CIPSOv4 protocol
+# with DOI number 6
+#map add default protocol:cipsov4,6
+
+# Create a mapping for the "secret_t" LSM domain and the CIPSOv4 protocol
+# with DOI number 8
+#map add domain:secret_t protocol:cipsov4,8
Index: netlabel_tools.spec
===================================================================
RCS file: /cvs/pkgs/rpms/netlabel_tools/devel/netlabel_tools.spec,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- netlabel_tools.spec 16 Oct 2006 20:54:59 -0000 1.6
+++ netlabel_tools.spec 7 Feb 2008 19:05:38 -0000 1.7
@@ -1,18 +1,16 @@
-
-%define home_base_url http://free.linux.hp.com/~pmoore/projects/linux_cipso
-
Summary: Tools to manage the Linux NetLabel subsystem
Name: netlabel_tools
Version: 0.17
-Release: 5%{?dist}
+Release: 6%{?dist}
License: GPL
Group: System Environment/Daemons
-URL: %{home_base_url}
-Source0: %{home_base_url}/%{name}-%{version}.tar.gz
+URL: http://netlabel.sf.net/
+Source0: http://downloads.sourceforge.net/netlabel/%{name}-%{version}.tar.gz
Source1: netlabel
Source2: netlabel.rules
Patch1: netlabel_tools-0.17-new-hdrs.patch
Patch2: netlabel_tools-27_28.patch
+Patch3: netlabel_tools-0.17-newlibnl.patch
BuildRoot: %{_tmppath}/%{name}-%{version}
BuildRequires: kernel-headers >= 2.6.18
BuildRequires: libnl-devel
@@ -31,6 +29,7 @@
%patch1 -p1
# Upstream patch.
%patch2 -p0
+%patch3 -p1
%build
# Don't use _smp_mflags, it's small and a hand crafted Makefile
@@ -57,6 +56,12 @@
%attr(0644,root,root) %{_mandir}/man8/*
%changelog
+* Thu Feb 7 2008 Steve Conklin <sconklin at redhat.com> - 0.17-6
+- Various fixes to follow upstream
+- Resolves bz#431765 The example configuration file is invalid
+- Resolves bz#431766 The netlabelctl command fails to run due to newer libnl package
+- Resolves bz#431767 The url listed in the netlabel_tools package is wrong
+
* Mon Oct 16 2006 James Antill <james at and.org> - 0.17-3
- Add upstream patch.
- s/p1/p0/ for upstream patch.
- Previous message (by thread): rpms/kde-filesystem/F-8 kde-filesystem.spec,1.11,1.12
- Next message (by thread): rpms/xkeyboard-config/OLPC-2 xkeyboard-config-olpc-af-AE09.patch, NONE, 1.1 xkeyboard-config-olpc-kh-olpc-section-add.patch, NONE, 1.1 xkeyboard-config-olpc-misc.patch, NONE, 1.1 xkeyboard-config.spec, 1.17, 1.18
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list