SOURCES: netlabel_tools.init (NEW), netlabel_tools-new-hdrs.patch ...
arekm
arekm at pld-linux.org
Mon Nov 27 13:49:26 CET 2006
Author: arekm Date: Mon Nov 27 12:49:26 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- new
---- Files affected:
SOURCES:
netlabel_tools.init (NONE -> 1.1) (NEW), netlabel_tools-new-hdrs.patch (NONE -> 1.1) (NEW), netlabel_tools.patch (NONE -> 1.1) (NEW), netlabel_tools.rules (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/netlabel_tools.init
diff -u /dev/null SOURCES/netlabel_tools.init:1.1
--- /dev/null Mon Nov 27 13:49:26 2006
+++ SOURCES/netlabel_tools.init Mon Nov 27 13:49:21 2006
@@ -0,0 +1,119 @@
+#!/bin/sh
+#
+# netlabel Start CIPSO labeled networking
+#
+# chkconfig: - 09 91
+# description: Starts and stops CIPSO labeled networking
+#
+# config: /etc/netlabel.rules
+#
+# Return values according to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+
+PATH=/sbin:/bin:/usr/bin:/usr/sbin
+VAR_SUBSYS_NETLABEL=/var/lock/subsys/netlabel
+RULES=/etc/netlabel.rules
+
+# Source function library.
+. /etc/init.d/functions
+
+# Check that we are root ... so non-root users stop here
+test `id -u` = 0 || exit 4
+test -x /sbin/netlabelctl || exit 5
+test -f $RULES || exit 6
+
+start() {
+ ret_val="0"
+
+ # Loop through rules
+ while read LINE
+ do
+ # Skip comments and blank lines
+ if echo $LINE | egrep '^#|^$' >/dev/null ; then
+ continue
+ fi
+ /sbin/netlabelctl $LINE >/dev/null 2>&1
+ ret="$?"
+ if [ "$ret" != "0" ] ; then
+ ret_val="$ret"
+ fi
+ done < $RULES
+ touch $VAR_SUBSYS_NETLABEL
+ return $ret_val
+}
+
+stop() {
+ rm -f $VAR_SUBSYS_NETLABEL
+
+ # Delete rules
+ list=`/sbin/netlabelctl cipsov4 list 2>/dev/null`
+ ret="$?"
+ if [ x"$list" != "x" ] ; then
+ for line in "$list"
+ do
+ /sbin/netlabelctl cipsov4 del "doi:$line" 2>/dev/null
+ ret="$?"
+ done
+ fi
+ return $ret
+}
+
+status() {
+ # Do not print status if lockfile is missing
+ if [ ! -f "$VAR_SUBSYS_NETLABEL" ]; then
+ echo $"Netlabel is stopped."
+ return 7
+ fi
+
+ # List rules
+ /sbin/netlabelctl -p cipsov4 list 2>/dev/null
+ ret1="$?"
+ /sbin/netlabelctl -p mgmt list 2>/dev/null
+ ret2="$?"
+
+ if [ "$ret1" != "0" -o "$ret2" != "0" ] ; then
+ return 1
+ fi
+ return 0
+}
+
+restart() {
+ stop
+ start
+}
+
+case "$1" in
+ start)
+ stop
+ start
+ RETVAL="$?"
+ ;;
+ stop)
+ stop
+ RETVAL="$?"
+ ;;
+ restart)
+ restart
+ RETVAL="$?"
+ ;;
+ condrestart)
+ [ -e "$VAR_SUBSYS_NETLABEL" ] && restart
+ ;;
+ status)
+ status
+ RETVAL="$?"
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart|condrestart|status}"
+ exit 3
+ ;;
+esac
+
+exit $RETVAL
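Review bot: In `stop()`, `for line in "$list"` quotes the command output, so the loop body runs exactly once with the whole `cipsov4 list` output as a single word, and `netlabelctl cipsov4 del "doi:$line"` gets one malformed argument whenever more than one definition is listed. Because the lock file is removed before the loop and stderr is sent to /dev/null, `status` can then report "Netlabel is stopped." while CIPSO definitions are still loaded. Iterating unquoted, `for line in $list`, splits the output into words (this assumes the list output is whitespace-separated DOI tokens, which should be confirmed against the packaged netlabelctl). Moving `rm -f $VAR_SUBSYS_NETLABEL` after the loop and running it only on success keeps the reported state truthful. `start()` has a similar visibility gap: it discards netlabelctl's output and touches the lock file even when a rule failed to load, so at least the failing line should be logged.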
================================================================
Index: SOURCES/netlabel_tools-new-hdrs.patch
diff -u /dev/null SOURCES/netlabel_tools-new-hdrs.patch:1.1
--- /dev/null Mon Nov 27 13:49:26 2006
+++ SOURCES/netlabel_tools-new-hdrs.patch Mon Nov 27 13:49:21 2006
@@ -0,0 +1,26 @@
+--- netlabel_tools-0.16-orig/Makefile 2006-06-27 13:06:28.000000000 -0400
++++ netlabel_tools-0.16/Makefile 2006-08-29 16:42:09.000000000 -0400
+@@ -43,8 +43,9 @@ INSTALL_SBIN_DIR = $(INSTALL_PREFIX)/sbi
+ INSTALL_BIN_DIR = $(INSTALL_PREFIX)/bin
+ INSTALL_MAN_DIR = $(INSTALL_PREFIX)/share/man
+
+-OWNER = root
+-GROUP = root
++# Mock doesn't allow this.
++#OWNER = root
++#GROUP = root
+
+ #
+ # targets
+@@ -77,9 +78,9 @@ install: $(SUBDIRS)
+ @echo "INFO: installing files in $(INSTALL_PREFIX)"
+ @mkdir -p $(INSTALL_SBIN_DIR)
+ @mkdir -p $(INSTALL_MAN_DIR)/man8
+- @install -o $(OWNER) -g $(GROUP) -m 755 netlabelctl/netlabelctl \
++ @install -m 755 netlabelctl/netlabelctl \
+ $(INSTALL_SBIN_DIR)/netlabelctl
+- @install -o $(OWNER) -g $(GROUP) -m 644 docs/man/netlabelctl.8 \
++ @install -m 644 docs/man/netlabelctl.8 \
+ $(INSTALL_MAN_DIR)/man8
+
+ clean:
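Review bot: With `-o $(OWNER) -g $(GROUP)` dropped from both `install` lines, `netlabelctl` lands in `$(INSTALL_SBIN_DIR)` owned by whichever user runs the build, so root ownership of a binary on root's PATH now depends entirely on the package's file list, which is not visible in this commit. The spec should set it explicitly, for example with `%attr(755,root,root)` or a `%defattr` line. Commenting the variables out also removes the option for anyone installing by hand; leaving them overridable and passing the flags only when set, as in `$(if $(OWNER),-o $(OWNER))`, would satisfy mock without losing it. The patch file name (`new-hdrs`) also does not describe what it changes, so a one-line header comment stating its purpose would help.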
================================================================
Index: SOURCES/netlabel_tools.patch
diff -u /dev/null SOURCES/netlabel_tools.patch:1.1
--- /dev/null Mon Nov 27 13:49:26 2006
+++ SOURCES/netlabel_tools.patch Mon Nov 27 13:49:21 2006
@@ -0,0 +1,29 @@
+Index: netlabelctl/cipsov4.c
+===================================================================
+--- netlabelctl/cipsov4.c (revision 27)
++++ netlabelctl/cipsov4.c (revision 28)
+@@ -236,7 +236,7 @@
+ printf("STANDARD");
+ break;
+ case CIPSO_V4_MAP_PASS:
+- printf("PASS_THROUGH\n");
++ printf("PASS_THROUGH");
+ break;
+ default:
+ printf("UNKNOWN(%u)", mtype_list[iter]);
+Index: netlabelctl/map.c
+===================================================================
+--- netlabelctl/map.c (revision 27)
++++ netlabelctl/map.c (revision 28)
+@@ -224,8 +224,10 @@
+ printf("UNKNOWN(%u)", domain_p[iter].proto_type);
+ break;
+ }
+- printf(" ");
++ if (iter + 1 < count)
++ printf(" ");
+ }
++ printf("\n");
+ }
+
+ list_return:
================================================================
Index: SOURCES/netlabel_tools.rules
diff -u /dev/null SOURCES/netlabel_tools.rules:1.1
--- /dev/null Mon Nov 27 13:49:26 2006
+++ SOURCES/netlabel_tools.rules Mon Nov 27 13:49:21 2006
@@ -0,0 +1,9 @@
+# This file contains the rules for the Netlabel subsystem
+# Each line contains just the arguments to the netlabel command
+
+# creates a CIPSO/IPv4 definition using a DOI value of 1
+cipsov4 add std doi:1 tags:1 levels:0=0,1=1,2=2 categories:0=0,1=1,2=2
+
+# tell the NetLabel system to use this CIPSO/IPv4 defintion by default
+mgmt add default protocol:cipsov4,1
+
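Review bot: The header comment says each line holds the arguments to "the netlabel command", but the init script in this commit passes them to `/sbin/netlabelctl`; naming the binary removes the ambiguity, e.g. `# Each line contains just the arguments to netlabelctl`. The last comment misspells "definition" as "defintion". Both rules are active rather than commented-out examples, so enabling the service applies the DOI 1 definition as the default protocol; the header should say so, so that an administrator reviews the file before turning the service on.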
================================================================