| Message ID | 20220413160517.64145-1-cgzones@googlemail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 80137479d153 |
| Headers | show |
| Series | libsepol/tests: adjust IPv6 netmasks | expand |
On Wed, Apr 13, 2022 at 9:25 PM Christian Göttsche <cgzones@googlemail.com> wrote: > > checkpolicy(8) since 01b88ac3 ("checkpolicy: warn on bogus IP address or > netmask in nodecon statement") warns about host bits set in IPv6 > addresses. > Adjust IPv6 netmasks in the libsepol tests so that the used address ::1 > does not set any host bits and running the tests does not print several > of the following warnings: > > net_contexts:15:WARNING 'host bits in ipv6 address set' at token '' on line 594: > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > libsepol/tests/policies/test-deps/base-metreq.conf | 2 +- > libsepol/tests/policies/test-deps/base-notmetreq.conf | 2 +- > libsepol/tests/policies/test-deps/small-base.conf | 2 +- > libsepol/tests/policies/test-expander/alias-base.conf | 2 +- > libsepol/tests/policies/test-expander/role-base.conf | 2 +- > libsepol/tests/policies/test-expander/small-base.conf | 2 +- > libsepol/tests/policies/test-expander/user-base.conf | 2 +- > libsepol/tests/policies/test-hooks/cmp_policy.conf | 2 +- > libsepol/tests/policies/test-hooks/small-base.conf | 2 +- > libsepol/tests/policies/test-linker/small-base.conf | 2 +- > 10 files changed, 10 insertions(+), 10 deletions(-) > > diff --git a/libsepol/tests/policies/test-deps/base-metreq.conf b/libsepol/tests/policies/test-deps/base-metreq.conf > index 3e2f8407..b7528dde 100644 > --- a/libsepol/tests/policies/test-deps/base-metreq.conf > +++ b/libsepol/tests/policies/test-deps/base-metreq.conf > @@ -516,7 +516,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0) > # > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0) > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0) > > > > diff --git a/libsepol/tests/policies/test-deps/base-notmetreq.conf b/libsepol/tests/policies/test-deps/base-notmetreq.conf > index 8ff3d204..eee36dca 100644 > --- a/libsepol/tests/policies/test-deps/base-notmetreq.conf > +++ b/libsepol/tests/policies/test-deps/base-notmetreq.conf > @@ -503,7 +503,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0) > # > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0) > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0) > > > > diff --git a/libsepol/tests/policies/test-deps/small-base.conf b/libsepol/tests/policies/test-deps/small-base.conf > index 1411e624..98f49c23 100644 > --- a/libsepol/tests/policies/test-deps/small-base.conf > +++ b/libsepol/tests/policies/test-deps/small-base.conf > @@ -504,7 +504,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0) > # > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0) > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0) > > > > diff --git a/libsepol/tests/policies/test-expander/alias-base.conf b/libsepol/tests/policies/test-expander/alias-base.conf > index 57d4520e..b950039d 100644 > --- a/libsepol/tests/policies/test-expander/alias-base.conf > +++ b/libsepol/tests/policies/test-expander/alias-base.conf > @@ -494,7 +494,7 @@ genfscon proc / gen_context(system_u:object_r:system_t, s0) > # > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:system_t, s0) > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:system_t, s0) > > > > diff --git a/libsepol/tests/policies/test-expander/role-base.conf b/libsepol/tests/policies/test-expander/role-base.conf > index a603390b..8e88b4be 100644 > --- a/libsepol/tests/policies/test-expander/role-base.conf > +++ b/libsepol/tests/policies/test-expander/role-base.conf > @@ -476,7 +476,7 @@ genfscon proc / gen_context(system_u:object_r:system_t, s0) > # > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:system_t, s0) > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:system_t, s0) > > > > diff --git a/libsepol/tests/policies/test-expander/small-base.conf b/libsepol/tests/policies/test-expander/small-base.conf > index 20005e3f..055ea054 100644 > --- a/libsepol/tests/policies/test-expander/small-base.conf > +++ b/libsepol/tests/policies/test-expander/small-base.conf > @@ -714,7 +714,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0) > # > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0) > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0) > > > > diff --git a/libsepol/tests/policies/test-expander/user-base.conf b/libsepol/tests/policies/test-expander/user-base.conf > index 1f84fd76..b31ee8cd 100644 > --- a/libsepol/tests/policies/test-expander/user-base.conf > +++ b/libsepol/tests/policies/test-expander/user-base.conf > @@ -480,7 +480,7 @@ genfscon proc / gen_context(system_u:object_r:system_t, s0) > # > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:system_t, s0) > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:system_t, s0) > > > > diff --git a/libsepol/tests/policies/test-hooks/cmp_policy.conf b/libsepol/tests/policies/test-hooks/cmp_policy.conf > index 1eccf4a8..9082b333 100644 > --- a/libsepol/tests/policies/test-hooks/cmp_policy.conf > +++ b/libsepol/tests/policies/test-hooks/cmp_policy.conf > @@ -464,7 +464,7 @@ genfscon proc / gen_context(g_b_user_1:object_r:g_b_type_1, s0) > # > #nodecon 127.0.0.1 255.255.255.255 g_b_user_1:object_r:net_foo_t:s0 > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(g_b_user_1:object_r:g_b_type_1, s0) > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(g_b_user_1:object_r:g_b_type_1, s0) > > > > diff --git a/libsepol/tests/policies/test-hooks/small-base.conf b/libsepol/tests/policies/test-hooks/small-base.conf > index 1eccf4a8..9082b333 100644 > --- a/libsepol/tests/policies/test-hooks/small-base.conf > +++ b/libsepol/tests/policies/test-hooks/small-base.conf > @@ -464,7 +464,7 @@ genfscon proc / gen_context(g_b_user_1:object_r:g_b_type_1, s0) > # > #nodecon 127.0.0.1 255.255.255.255 g_b_user_1:object_r:net_foo_t:s0 > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(g_b_user_1:object_r:g_b_type_1, s0) > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(g_b_user_1:object_r:g_b_type_1, s0) > > > > diff --git a/libsepol/tests/policies/test-linker/small-base.conf b/libsepol/tests/policies/test-linker/small-base.conf > index 2bc14656..890ebbeb 100644 > --- a/libsepol/tests/policies/test-linker/small-base.conf > +++ b/libsepol/tests/policies/test-linker/small-base.conf > @@ -593,7 +593,7 @@ genfscon proc / gen_context(g_b_user_1:object_r:g_b_type_1, s0) > # > #nodecon 127.0.0.1 255.255.255.255 g_b_user_1:object_r:net_foo_t:s0 > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(g_b_user_1:object_r:g_b_type_1, s0) > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(g_b_user_1:object_r:g_b_type_1, s0) > > > > -- > 2.35.2 >
On Thu, Apr 14, 2022 at 10:25 AM James Carter <jwcart2@gmail.com> wrote: > > On Wed, Apr 13, 2022 at 9:25 PM Christian Göttsche > <cgzones@googlemail.com> wrote: > > > > checkpolicy(8) since 01b88ac3 ("checkpolicy: warn on bogus IP address or > > netmask in nodecon statement") warns about host bits set in IPv6 > > addresses. > > Adjust IPv6 netmasks in the libsepol tests so that the used address ::1 > > does not set any host bits and running the tests does not print several > > of the following warnings: > > > > net_contexts:15:WARNING 'host bits in ipv6 address set' at token '' on line 594: > > > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > > Acked-by: James Carter <jwcart2@gmail.com> > Merged. Thanks, Jim > > --- > > libsepol/tests/policies/test-deps/base-metreq.conf | 2 +- > > libsepol/tests/policies/test-deps/base-notmetreq.conf | 2 +- > > libsepol/tests/policies/test-deps/small-base.conf | 2 +- > > libsepol/tests/policies/test-expander/alias-base.conf | 2 +- > > libsepol/tests/policies/test-expander/role-base.conf | 2 +- > > libsepol/tests/policies/test-expander/small-base.conf | 2 +- > > libsepol/tests/policies/test-expander/user-base.conf | 2 +- > > libsepol/tests/policies/test-hooks/cmp_policy.conf | 2 +- > > libsepol/tests/policies/test-hooks/small-base.conf | 2 +- > > libsepol/tests/policies/test-linker/small-base.conf | 2 +- > > 10 files changed, 10 insertions(+), 10 deletions(-) > > > > diff --git a/libsepol/tests/policies/test-deps/base-metreq.conf b/libsepol/tests/policies/test-deps/base-metreq.conf > > index 3e2f8407..b7528dde 100644 > > --- a/libsepol/tests/policies/test-deps/base-metreq.conf > > +++ b/libsepol/tests/policies/test-deps/base-metreq.conf > > @@ -516,7 +516,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0) > > # > > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 > > > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0) > > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0) > > > > > > > > diff --git a/libsepol/tests/policies/test-deps/base-notmetreq.conf b/libsepol/tests/policies/test-deps/base-notmetreq.conf > > index 8ff3d204..eee36dca 100644 > > --- a/libsepol/tests/policies/test-deps/base-notmetreq.conf > > +++ b/libsepol/tests/policies/test-deps/base-notmetreq.conf > > @@ -503,7 +503,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0) > > # > > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 > > > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0) > > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0) > > > > > > > > diff --git a/libsepol/tests/policies/test-deps/small-base.conf b/libsepol/tests/policies/test-deps/small-base.conf > > index 1411e624..98f49c23 100644 > > --- a/libsepol/tests/policies/test-deps/small-base.conf > > +++ b/libsepol/tests/policies/test-deps/small-base.conf > > @@ -504,7 +504,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0) > > # > > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 > > > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0) > > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0) > > > > > > > > diff --git a/libsepol/tests/policies/test-expander/alias-base.conf b/libsepol/tests/policies/test-expander/alias-base.conf > > index 57d4520e..b950039d 100644 > > --- a/libsepol/tests/policies/test-expander/alias-base.conf > > +++ b/libsepol/tests/policies/test-expander/alias-base.conf > > @@ -494,7 +494,7 @@ genfscon proc / gen_context(system_u:object_r:system_t, s0) > > # > > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 > > > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:system_t, s0) > > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:system_t, s0) > > > > > > > > diff --git a/libsepol/tests/policies/test-expander/role-base.conf b/libsepol/tests/policies/test-expander/role-base.conf > > index a603390b..8e88b4be 100644 > > --- a/libsepol/tests/policies/test-expander/role-base.conf > > +++ b/libsepol/tests/policies/test-expander/role-base.conf > > @@ -476,7 +476,7 @@ genfscon proc / gen_context(system_u:object_r:system_t, s0) > > # > > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 > > > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:system_t, s0) > > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:system_t, s0) > > > > > > > > diff --git a/libsepol/tests/policies/test-expander/small-base.conf b/libsepol/tests/policies/test-expander/small-base.conf > > index 20005e3f..055ea054 100644 > > --- a/libsepol/tests/policies/test-expander/small-base.conf > > +++ b/libsepol/tests/policies/test-expander/small-base.conf > > @@ -714,7 +714,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0) > > # > > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 > > > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0) > > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0) > > > > > > > > diff --git a/libsepol/tests/policies/test-expander/user-base.conf b/libsepol/tests/policies/test-expander/user-base.conf > > index 1f84fd76..b31ee8cd 100644 > > --- a/libsepol/tests/policies/test-expander/user-base.conf > > +++ b/libsepol/tests/policies/test-expander/user-base.conf > > @@ -480,7 +480,7 @@ genfscon proc / gen_context(system_u:object_r:system_t, s0) > > # > > #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 > > > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:system_t, s0) > > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:system_t, s0) > > > > > > > > diff --git a/libsepol/tests/policies/test-hooks/cmp_policy.conf b/libsepol/tests/policies/test-hooks/cmp_policy.conf > > index 1eccf4a8..9082b333 100644 > > --- a/libsepol/tests/policies/test-hooks/cmp_policy.conf > > +++ b/libsepol/tests/policies/test-hooks/cmp_policy.conf > > @@ -464,7 +464,7 @@ genfscon proc / gen_context(g_b_user_1:object_r:g_b_type_1, s0) > > # > > #nodecon 127.0.0.1 255.255.255.255 g_b_user_1:object_r:net_foo_t:s0 > > > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(g_b_user_1:object_r:g_b_type_1, s0) > > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(g_b_user_1:object_r:g_b_type_1, s0) > > > > > > > > diff --git a/libsepol/tests/policies/test-hooks/small-base.conf b/libsepol/tests/policies/test-hooks/small-base.conf > > index 1eccf4a8..9082b333 100644 > > --- a/libsepol/tests/policies/test-hooks/small-base.conf > > +++ b/libsepol/tests/policies/test-hooks/small-base.conf > > @@ -464,7 +464,7 @@ genfscon proc / gen_context(g_b_user_1:object_r:g_b_type_1, s0) > > # > > #nodecon 127.0.0.1 255.255.255.255 g_b_user_1:object_r:net_foo_t:s0 > > > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(g_b_user_1:object_r:g_b_type_1, s0) > > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(g_b_user_1:object_r:g_b_type_1, s0) > > > > > > > > diff --git a/libsepol/tests/policies/test-linker/small-base.conf b/libsepol/tests/policies/test-linker/small-base.conf > > index 2bc14656..890ebbeb 100644 > > --- a/libsepol/tests/policies/test-linker/small-base.conf > > +++ b/libsepol/tests/policies/test-linker/small-base.conf > > @@ -593,7 +593,7 @@ genfscon proc / gen_context(g_b_user_1:object_r:g_b_type_1, s0) > > # > > #nodecon 127.0.0.1 255.255.255.255 g_b_user_1:object_r:net_foo_t:s0 > > > > -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(g_b_user_1:object_r:g_b_type_1, s0) > > +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(g_b_user_1:object_r:g_b_type_1, s0) > > > > > > > > -- > > 2.35.2 > >
diff --git a/libsepol/tests/policies/test-deps/base-metreq.conf b/libsepol/tests/policies/test-deps/base-metreq.conf index 3e2f8407..b7528dde 100644 --- a/libsepol/tests/policies/test-deps/base-metreq.conf +++ b/libsepol/tests/policies/test-deps/base-metreq.conf @@ -516,7 +516,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0) # #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0) +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0) diff --git a/libsepol/tests/policies/test-deps/base-notmetreq.conf b/libsepol/tests/policies/test-deps/base-notmetreq.conf index 8ff3d204..eee36dca 100644 --- a/libsepol/tests/policies/test-deps/base-notmetreq.conf +++ b/libsepol/tests/policies/test-deps/base-notmetreq.conf @@ -503,7 +503,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0) # #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0) +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0) diff --git a/libsepol/tests/policies/test-deps/small-base.conf b/libsepol/tests/policies/test-deps/small-base.conf index 1411e624..98f49c23 100644 --- a/libsepol/tests/policies/test-deps/small-base.conf +++ b/libsepol/tests/policies/test-deps/small-base.conf @@ -504,7 +504,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0) # #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0) +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0) diff --git a/libsepol/tests/policies/test-expander/alias-base.conf b/libsepol/tests/policies/test-expander/alias-base.conf index 57d4520e..b950039d 100644 --- a/libsepol/tests/policies/test-expander/alias-base.conf +++ b/libsepol/tests/policies/test-expander/alias-base.conf @@ -494,7 +494,7 @@ genfscon proc / gen_context(system_u:object_r:system_t, s0) # #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:system_t, s0) +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:system_t, s0) diff --git a/libsepol/tests/policies/test-expander/role-base.conf b/libsepol/tests/policies/test-expander/role-base.conf index a603390b..8e88b4be 100644 --- a/libsepol/tests/policies/test-expander/role-base.conf +++ b/libsepol/tests/policies/test-expander/role-base.conf @@ -476,7 +476,7 @@ genfscon proc / gen_context(system_u:object_r:system_t, s0) # #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:system_t, s0) +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:system_t, s0) diff --git a/libsepol/tests/policies/test-expander/small-base.conf b/libsepol/tests/policies/test-expander/small-base.conf index 20005e3f..055ea054 100644 --- a/libsepol/tests/policies/test-expander/small-base.conf +++ b/libsepol/tests/policies/test-expander/small-base.conf @@ -714,7 +714,7 @@ genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0) # #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0) +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0) diff --git a/libsepol/tests/policies/test-expander/user-base.conf b/libsepol/tests/policies/test-expander/user-base.conf index 1f84fd76..b31ee8cd 100644 --- a/libsepol/tests/policies/test-expander/user-base.conf +++ b/libsepol/tests/policies/test-expander/user-base.conf @@ -480,7 +480,7 @@ genfscon proc / gen_context(system_u:object_r:system_t, s0) # #nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:system_t, s0) +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:system_t, s0) diff --git a/libsepol/tests/policies/test-hooks/cmp_policy.conf b/libsepol/tests/policies/test-hooks/cmp_policy.conf index 1eccf4a8..9082b333 100644 --- a/libsepol/tests/policies/test-hooks/cmp_policy.conf +++ b/libsepol/tests/policies/test-hooks/cmp_policy.conf @@ -464,7 +464,7 @@ genfscon proc / gen_context(g_b_user_1:object_r:g_b_type_1, s0) # #nodecon 127.0.0.1 255.255.255.255 g_b_user_1:object_r:net_foo_t:s0 -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(g_b_user_1:object_r:g_b_type_1, s0) +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(g_b_user_1:object_r:g_b_type_1, s0) diff --git a/libsepol/tests/policies/test-hooks/small-base.conf b/libsepol/tests/policies/test-hooks/small-base.conf index 1eccf4a8..9082b333 100644 --- a/libsepol/tests/policies/test-hooks/small-base.conf +++ b/libsepol/tests/policies/test-hooks/small-base.conf @@ -464,7 +464,7 @@ genfscon proc / gen_context(g_b_user_1:object_r:g_b_type_1, s0) # #nodecon 127.0.0.1 255.255.255.255 g_b_user_1:object_r:net_foo_t:s0 -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(g_b_user_1:object_r:g_b_type_1, s0) +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(g_b_user_1:object_r:g_b_type_1, s0) diff --git a/libsepol/tests/policies/test-linker/small-base.conf b/libsepol/tests/policies/test-linker/small-base.conf index 2bc14656..890ebbeb 100644 --- a/libsepol/tests/policies/test-linker/small-base.conf +++ b/libsepol/tests/policies/test-linker/small-base.conf @@ -593,7 +593,7 @@ genfscon proc / gen_context(g_b_user_1:object_r:g_b_type_1, s0) # #nodecon 127.0.0.1 255.255.255.255 g_b_user_1:object_r:net_foo_t:s0 -nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(g_b_user_1:object_r:g_b_type_1, s0) +nodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(g_b_user_1:object_r:g_b_type_1, s0)
checkpolicy(8) since 01b88ac3 ("checkpolicy: warn on bogus IP address or netmask in nodecon statement") warns about host bits set in IPv6 addresses. Adjust IPv6 netmasks in the libsepol tests so that the used address ::1 does not set any host bits and running the tests does not print several of the following warnings: net_contexts:15:WARNING 'host bits in ipv6 address set' at token '' on line 594: Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- libsepol/tests/policies/test-deps/base-metreq.conf | 2 +- libsepol/tests/policies/test-deps/base-notmetreq.conf | 2 +- libsepol/tests/policies/test-deps/small-base.conf | 2 +- libsepol/tests/policies/test-expander/alias-base.conf | 2 +- libsepol/tests/policies/test-expander/role-base.conf | 2 +- libsepol/tests/policies/test-expander/small-base.conf | 2 +- libsepol/tests/policies/test-expander/user-base.conf | 2 +- libsepol/tests/policies/test-hooks/cmp_policy.conf | 2 +- libsepol/tests/policies/test-hooks/small-base.conf | 2 +- libsepol/tests/policies/test-linker/small-base.conf | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-)