From e8bcdb84dc0937b65ca1e9167b436b21375b96ab Mon Sep 17 00:00:00 2001
From: Dominick Grift
Date: Tue, 8 Sep 2020 10:53:29 +0200
Subject: [PATCH] cil_network_labeling_statements: fixes nodecon examples The order of the subnet and netmask is wrong and also the value of netmask is wrong for single address subnet Use an ipaddr reserved for documentation: https://tools.ietf.org/html/rfc5737 Add ipv6 example: https://tools.ietf.org/html/rfc3849
Signed-off-by: Dominick Grift
---
.../docs/cil_network_labeling_statements.md | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/secilc/docs/cil_network_labeling_statements.md b/secilc/docs/cil_network_labeling_statements.md
index 49a836c16c55..60aec80d7988 100644
--- a/secilc/docs/cil_network_labeling_statements.md
+++ b/secilc/docs/cil_network_labeling_statements.md
@@ -145,12 +145,21 @@ These examples show named and anonymous [`nodecon`](cil_network_labeling_stateme
 (context context_1 (unconfined.user object_r unconfined.object low_low))
 (context context_2 (unconfined.user object_r unconfined.object (systemlow level_2)))
- (ipaddr netmask_1 255.255.255.0)
- (ipaddr ipv4_1 192.168.1.64)
+ (ipaddr netmask_1 255.255.255.255)
+ (ipaddr ipv4_1 192.0.2.64)
+
+ (nodecon ipv4_1 netmask_1 context_2)
+ (nodecon (192.0.2.64) (255.255.255.255) context_1)
+ (nodecon (192.0.2.64) netmask_1 (unconfined.user object_r unconfined.object ((s0) (s0 (c0)))))
+
+ (context context_3 (sys.id sys.role my48prefix.node ((s0)(s0))))
+
+ (ipaddr netmask_2 ffff:ffff:ffff:0:0:0:0:0)
+ (ipaddr ipv6_2 2001:db8:1:0:0:0:0:0)
- (nodecon netmask_1 ipv4_1 context_2)
- (nodecon (255.255.255.0) (192.168.1.64) context_1)
- (nodecon netmask_1 (192.168.1.64) (unconfined.user object_r unconfined.object ((s0) (s0 (c0)))))
+ (nodecon ipv6_2 netmask_2 context_3)
+ (nodecon (2001:db8:1:0:0:0:0:0) (ffff:ffff:ffff:0:0:0:0:0) context_3)
+ (nodecon (2001:db8:1:0:0:0:0:0) netmask_2 (sys.id sys.role my48prefix.node ((s0)(s0))))
 portcon
 -------
-- 
2.29.2