S:0.30.0-alt3

Group :: System/Base
RPM: netlabel_tools


Patch: netlabel_tools-0.30.0-alt.patch


 .gear/netlabel_tools.spec                          |  63 +++++++++
 .gear/rules                                        |   3 +
 .../tags/e9493c33ab8ccc76d26f3e1dfcc8396e22e8d4c7  |   6 +
 .gear/tags/list                                    |   1 +
 include/libnetlabel.h                              |   2 +
 include/netlabel.h                                 |   3 +
 libnetlabel/mod_mgmt.c                             | 149 +++++++++++++++++++++
 netlabelctl/main.c                                 |   1 +
 netlabelctl/map.c                                  |  41 ++++++
 9 files changed, 269 insertions(+)
diff --git a/.gear/netlabel_tools.spec b/.gear/netlabel_tools.spec
new file mode 100644
index 0000000..96a8ba8
--- /dev/null
+++ b/.gear/netlabel_tools.spec
@@ -0,0 +1,63 @@
+Name:     netlabel_tools
+Version:  0.30.0
+Release:  alt2%ubt
+Summary:  Configuration tools for the Linux NetLabel subsystem
+License:  %gpl2only
+Group:    System/Base
+Url:      https://github.com/netlabel/netlabel_tools
+
+Source:   %name-%version.tar
+Patch1:   %name-%version-alt.patch
+
+BuildRequires(pre): rpm-build-licenses rpm-build-ubt
+BuildRequires: libnl-devel doxygen systemd-devel
+
+%description
+NetLabel is a packet labeling framework that has been present in the upstream
+Linux Kernel since 2.6.19. The NetLabel Tools project is a set of userspace
+tools and libraries designed to make it easier to use and manage the Linux
+Kernel's NetLabel configuration.
+
+%prep
+%setup
+%patch1 -p1
+
+%build
+%autoreconf
+%configure --with-systemdsystemunitdir=auto
+%make_build
+
+%install
+%makeinstall_std
+
+%files
+%config(noreplace) %_sysconfdir/netlabel.rules
+%systemd_unitdir/netlabel.service
+%_sbindir/netlabel-config
+%_sbindir/netlabelctl
+%_man8dir/netlabel-config.8.*
+%_man8dir/netlabelctl.8.*
+
+%changelog
+* Tue Apr 03 2018 Aleksei Nikiforov <darktemplar@altlinux.org> 0.30.0-alt2%ubt
+- Updated to upstream version 0.30.0.
+
+* Thu Mar 22 2018 Igor Vlasenko <viy@altlinux.ru> 0.21-alt2
+- NMU: added URL
+
+* Wed Jan 18 2017 Anton Farygin <rider@altlinux.ru> 0.21-alt1%ubt
+- added ubt tag
+- netlabel.rules marked as non-replaced config
+
+* Tue Jan 17 2017 Anton Farygin <rider@altlinux.ru> 0.21-alt1
+- updated to 0.21
+
+* Tue Jan 12 2016 Mikhail Efremov <sem@altlinux.org> 0.20-alt3
+- Don't specify extensions for man pages.
+- Port to libnl3.
+
+* Wed Jul 17 2013 Andriy Stepanov <stanv@altlinux.ru> 0.20-alt2
+- Add mark s0 flag
+
+* Thu Jun 20 2013 Andriy Stepanov <stanv@altlinux.ru> 0.20-alt1
+- Initial build for ALT Linux
diff --git a/.gear/rules b/.gear/rules
new file mode 100644
index 0000000..415efe4
--- /dev/null
+++ b/.gear/rules
@@ -0,0 +1,3 @@
+spec: .gear/netlabel_tools.spec
+tar: v@version@:.
+diff: v@version@:. . name=@name@-@version@-alt.patch
diff --git a/.gear/tags/e9493c33ab8ccc76d26f3e1dfcc8396e22e8d4c7 b/.gear/tags/e9493c33ab8ccc76d26f3e1dfcc8396e22e8d4c7
new file mode 100644
index 0000000..f553b67
--- /dev/null
+++ b/.gear/tags/e9493c33ab8ccc76d26f3e1dfcc8396e22e8d4c7
@@ -0,0 +1,6 @@
+object 341fe04eb75127b94af9bc6dbfa809e021e09364
+type commit
+tag v0.30.0
+tagger Paul Moore <paul@paul-moore.com> 1481237290 -0500
+
+version 0.30.0
diff --git a/.gear/tags/list b/.gear/tags/list
new file mode 100644
index 0000000..985b403
--- /dev/null
+++ b/.gear/tags/list
@@ -0,0 +1 @@
+e9493c33ab8ccc76d26f3e1dfcc8396e22e8d4c7 v0.30.0
diff --git a/include/libnetlabel.h b/include/libnetlabel.h
index a377337..ef7280d 100644
--- a/include/libnetlabel.h
+++ b/include/libnetlabel.h
@@ -324,6 +324,8 @@ int nlbl_mgmt_deldef(struct nlbl_handle *hndl);
 int nlbl_mgmt_listall(struct nlbl_handle *hndl, struct nlbl_dommap **domains);
 int nlbl_mgmt_listdef(struct nlbl_handle *hndl, uint16_t family,
 		      struct nlbl_dommap *domain);
+int nlbl_mgmt_s0_set(struct nlbl_handle *hndl, uint8_t mark_flag);
+int nlbl_mgmt_s0_get(struct nlbl_handle *hndl, uint8_t *mark_flag);
 
 /* Unlabeled Traffic */
 int nlbl_unlbl_accept(struct nlbl_handle *hndl, uint8_t allow_flag);
diff --git a/include/netlabel.h b/include/netlabel.h
index 3dc8711..389c273 100644
--- a/include/netlabel.h
+++ b/include/netlabel.h
@@ -69,6 +69,8 @@ enum {
 	NLBL_MGMT_C_LISTDEF,
 	NLBL_MGMT_C_PROTOCOLS,
 	NLBL_MGMT_C_VERSION,
+	NLBL_MGMT_C_S0_SET,
+	NLBL_MGMT_C_S0_GET,
 	__NLBL_MGMT_C_MAX,
 };
 #define NLBL_MGMT_C_MAX (__NLBL_MGMT_C_MAX - 1)
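Review bot: `NLBL_MGMT_C_S0_SET` and `NLBL_MGMT_C_S0_GET` take the next two command numbers after `NLBL_MGMT_C_VERSION`, and `NLBL_MGMT_A_S0` in the second hunk of this file takes the next attribute number after `NLBL_MGMT_A_CLPDOI`, so they only mean "s0" against a kernel that assigns the same numbers. Nothing in the patch shows which kernel defines them. If the running kernel's management enum has a different command at that position, `map s0 on` would presumably request an unrelated operation instead of failing cleanly. I would add a comment above the new entries such as `/* s0 commands: numbers must match the running kernel's net/netlabel/netlabel_mgmt.h */` and record the kernel requirement in the package description. Both enums start outside the hunks.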
@@ -90,6 +92,7 @@ enum {
 	NLBL_MGMT_A_SELECTORLIST,
 	NLBL_MGMT_A_FAMILY,
 	NLBL_MGMT_A_CLPDOI,
+	NLBL_MGMT_A_S0,
 	__NLBL_MGMT_A_MAX,
 };
 #define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1)
diff --git a/libnetlabel/mod_mgmt.c b/libnetlabel/mod_mgmt.c
index e334ab5..6a36369 100644
--- a/libnetlabel/mod_mgmt.c
+++ b/libnetlabel/mod_mgmt.c
@@ -285,6 +285,155 @@ init_return:
  */
 
 /**
+ * Set the mark s0 flag
+ * @param hndl the NetLabel handle
+ * @param mark_flag the desired s0 flag setting
+ *
+ * Set the mark s0 flag in the NetLabel system; if @mark_flag is
+ * true then set the mark s0 flag, otherwise clear the flag.  If @hndl is NULL
+ * then the function will handle opening and closing it's own NetLabel handle.
+ * Returns zero on success, negative values on failure.
+ *
+ */
+int nlbl_mgmt_s0_set(struct nlbl_handle *hndl, uint8_t mark_flag)
+{
+	int ret_val = -ENOMEM;
+	struct nlbl_handle *p_hndl = hndl;
+	nlbl_msg *msg = NULL;
+	nlbl_msg *ans_msg = NULL;
+
+	/* sanity checks */
+	if (nlbl_mgmt_fid == 0)
+		return -ENOPROTOOPT;
+
+	/* open a handle if we need one */
+	if (p_hndl == NULL) {
+		p_hndl = nlbl_comm_open();
+		if (p_hndl == NULL)
+			goto accept_return;
+	}
+
+	/* create a new message */
+	msg = nlbl_mgmt_msg_new(NLBL_MGMT_C_S0_SET, 0);
+	if (msg == NULL)
+		goto accept_return;
+
+	/* add the required attributes to the message */
+	if (mark_flag)
+		ret_val = nla_put_u8(msg, NLBL_MGMT_A_S0, 1);
+	else
+		ret_val = nla_put_u8(msg, NLBL_MGMT_A_S0, 0);
+	if (ret_val != 0)
+		goto accept_return;
+
+	/* send the request */
+	ret_val = nlbl_comm_send(p_hndl, msg);
+	if (ret_val <= 0) {
+		if (ret_val == 0)
+			ret_val = -ENODATA;
+		goto accept_return;
+	}
+
+	/* read the response */
+	ret_val = nlbl_mgmt_recv(p_hndl, &ans_msg);
+	if (ret_val <= 0) {
+		if (ret_val == 0)
+			ret_val = -ENODATA;
+		goto accept_return;
+	}
+
+	/* process the response */
+	ret_val = nlbl_mgmt_parse_ack(ans_msg);
+
+accept_return:
+	if (hndl == NULL)
+		nlbl_comm_close(p_hndl);
+	nlbl_msg_free(msg);
+	nlbl_msg_free(ans_msg);
+	return ret_val;
+}
+
+/**
+ * Query the s0 mark flag
+ * @param hndl the NetLabel handle
+ * @param mark_flag the current s0 mark flag setting
+ *
+ * Query the s0 mark flag in the NetLabel system.  If @hndl is NULL then
+ * the function will handle opening and closing it's own NetLabel handle.
+ * Returns zero on success, negative values on failure.
+ *
+ */
+int nlbl_mgmt_s0_get(struct nlbl_handle *hndl, uint8_t *mark_flag)
+{
+	int ret_val = -ENOMEM;
+	struct nlbl_handle *p_hndl = hndl;
+	nlbl_msg *msg = NULL;
+	nlbl_msg *ans_msg = NULL;
+	struct genlmsghdr *genl_hdr;
+	struct nlattr *nla;
+
+	/* sanity checks */
+	if (mark_flag == NULL)
+		return -EINVAL;
+	if (nlbl_mgmt_fid == 0)
+		return -ENOPROTOOPT;
+
+	/* open a handle if we need one */
+	if (p_hndl == NULL) {
+		p_hndl = nlbl_comm_open();
+		if (p_hndl == NULL)
+			goto list_return;
+	}
+
+	/* create a new message */
+	msg = nlbl_mgmt_msg_new(NLBL_MGMT_C_S0_GET, 0);
+	if (msg == NULL)
+		goto list_return;
+
+	/* send the request */
+	ret_val = nlbl_comm_send(p_hndl, msg);
+	if (ret_val <= 0) {
+		if (ret_val == 0)
+			ret_val = -ENODATA;
+		goto list_return;
+	}
+
+	/* read the response */
+	ret_val = nlbl_mgmt_recv(p_hndl, &ans_msg);
+	if (ret_val <= 0) {
+		if (ret_val == 0)
+			ret_val = -ENODATA;
+		goto list_return;
+	}
+
+	/* check the response */
+	ret_val = nlbl_mgmt_parse_ack(ans_msg);
+	if (ret_val < 0 && ret_val != -ENOMSG)
+		goto list_return;
+	genl_hdr = nlbl_msg_genlhdr(ans_msg);
+	if (genl_hdr == NULL || genl_hdr->cmd != NLBL_MGMT_C_S0_GET) {
+		ret_val = -EBADMSG;
+		goto list_return;
+	}
+
+	/* process the response */
+	nla = nlbl_attr_find(ans_msg, NLBL_MGMT_A_S0);
+	if (nla == NULL)
+		goto list_return;
+	*mark_flag = nla_get_u8(nla);
+
+	ret_val = 0;
+
+list_return:
+	if (hndl == NULL)
+		nlbl_comm_close(p_hndl);
+	nlbl_msg_free(msg);
+	nlbl_msg_free(ans_msg);
+	return ret_val;
+}
+
+
+/**
  * Determine the supported list of NetLabel protocols
  * @param hndl the NetLabel handle
  * @param protocols protocol array
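Review bot: In `nlbl_mgmt_s0_get` the `nla == NULL` branch jumps to `list_return` without setting an error, so `ret_val` still holds whatever `nlbl_mgmt_parse_ack()` returned. If that was 0, the function reports success with `*mark_flag` never written, and `map_list` in netlabelctl/map.c passes an uninitialized `flag` that it reads whenever `rc >= 0`. Set the error before the jump: `if (nla == NULL) { ret_val = -EBADMSG; goto list_return; }`. It is also worth confirming that `nlbl_comm_close()` tolerates NULL, because both new functions reach their cleanup label with `p_hndl == NULL` when `nlbl_comm_open()` fails; that helper is not visible in this patch.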
diff --git a/netlabelctl/main.c b/netlabelctl/main.c
index 0aa1d56..48b5f9a 100644
--- a/netlabelctl/main.c
+++ b/netlabelctl/main.c
@@ -97,6 +97,7 @@ static void nlctl_help_print(FILE *fp)
 		"    version\n"
 		"    protocols\n"
 		"  map : Domain/Protocol mapping\n"
+		"    s0 on|off\n"
 		"    add default|domain:<domain> [address:<ADDR>[/<MASK>]]\n"
 		"                                protocol:<protocol>[,<extra>]\n"
 		"    del default|domain:<domain>\n"
diff --git a/netlabelctl/map.c b/netlabelctl/map.c
index 6ebc4f5..d075c19 100644
--- a/netlabelctl/map.c
+++ b/netlabelctl/map.c
@@ -35,6 +35,39 @@
 #include "netlabelctl.h"
 
 /**
+ * Set the NetLabel s0 flag
+ * @param argc the number of arguments
+ * @param argv the argument list
+ *
+ * Set the kernel's label s0 flag.  Returns zero on success,
+ * negative values on failure.
+ *
+ */
+int map_s0(int argc, char *argv[])
+{
+	int rc;
+	uint8_t flag;
+
+	/* sanity check */
+	if (argc != 1 || argv == NULL || argv[0] == NULL)
+		return -EINVAL;
+
+	/* set or reset the flag? */
+	if (strcasecmp(argv[0], "on") == 0 || strcmp(argv[0], "1") == 0)
+		flag = 1;
+	else if (strcasecmp(argv[0], "off") == 0 || strcmp(argv[0], "0") == 0)
+		flag = 0;
+	else
+		return -EINVAL;
+
+	rc = nlbl_mgmt_s0_set(NULL, flag);
+	if (rc < 0)
+		return rc;
+
+	return 0;
+}
+
+/**
  * Add a domain mapping to NetLabel
  * @param argc the number of arguments
  * @param argv the argument list
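Review bot: `map_s0` is defined with external linkage, although its only caller visible in this patch is `map_main` in the same file and `map_list` is `static` according to the later hunk header. Unless a prototype exists in a header not shown here, `static int map_s0(int argc, char *argv[])` keeps it out of the global namespace. The doc comment says only that it sets "the kernel's label s0 flag". Because the setting appears to change how packets are labeled, the comment should state what on and off mean for traffic and list the accepted arguments (`on`, `off`, `1`, `0`).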
@@ -330,6 +363,11 @@ static int map_list(int argc, char *argv[])
 	size_t count, def_count;
 	uint32_t iter;
 	uint16_t *family, families[] = {AF_INET, AF_INET6, AF_UNSPEC /* terminator */};
+	uint8_t flag;
+
+	/* display the s0 mark flag */
+	rc = nlbl_mgmt_s0_get(NULL, &flag);
+	printf("Mark s0 packets: %s\n", ((rc < 0) ? "unsupported" : (flag ? "on" : "off")));
 
 	/* get the list of mappings */
 	rc = nlbl_mgmt_listall(NULL, &mapping);
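Review bot: Every failure of `nlbl_mgmt_s0_get()` is printed as "unsupported", so a permission error, an allocation failure or a malformed reply looks the same as a kernel without the feature, and an operator auditing the labeling state gets a misleading answer. Print "unsupported" only for the error code that means the command is unknown and report the error otherwise; which code the kernel returns for that case is not visible here. Independently, declare `uint8_t flag = 0;` so the value is defined even if the getter returns success without writing it. `map_list` starts and ends outside the hunk.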
@@ -405,6 +443,9 @@ int map_main(int argc, char *argv[])
 	} else if (strcmp(argv[0], "list") == 0) {
 		/* list the domain mappings */
 		rc = map_list(argc - 1, argv + 1);
+	} else if (strcmp(argv[0], "s0") == 0) {
+		/* accept flag */
+		rc = map_s0(argc - 1, argv + 1);
 	} else {
 		/* unknown request */
 		rc = -EINVAL;
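Review bot: The comment `/* accept flag */` on the new `s0` branch does not describe what the branch does and looks carried over from the unlabeled-traffic accept handling. `/* set the s0 mark flag */` would match the wording of the other branches. `map_main` continues outside the hunk.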
 