Blame netlabelctl/netlabel.rules
|
Packit |
51d0f7 |
#
|
|
Packit |
51d0f7 |
# Configuration file for the NetLabel subsystem. This file should contain
|
|
Packit |
51d0f7 |
# individual commands for the netlabelctl utility to be run in order from the
|
|
Packit |
51d0f7 |
# top of the file to the bottom.
|
|
Packit |
51d0f7 |
#
|
|
Packit |
51d0f7 |
# See the netlabel-config(8) and netlabelctl(8) manpages for more information.
|
|
Packit |
51d0f7 |
#
|
|
Packit |
51d0f7 |
# https://github.com/netlabel
|
|
Packit |
51d0f7 |
#
|
|
Packit |
51d0f7 |
|
|
Packit |
51d0f7 |
##
|
|
Packit |
51d0f7 |
## Example: Remove the default configuration and replace it with an address
|
|
Packit |
51d0f7 |
## selector based configuration that send unlabeled traffic to all
|
|
Packit |
51d0f7 |
## IPv4 and IPv6 addresses.
|
|
Packit |
51d0f7 |
##
|
|
Packit |
51d0f7 |
#
|
|
Packit |
51d0f7 |
# map del default
|
|
Packit |
51d0f7 |
# map add default address:0.0.0.0/0 protocol:unlbl
|
|
Packit |
51d0f7 |
# map add default address:::0/0 protocol:unlbl
|
|
Packit |
51d0f7 |
|
|
Packit |
51d0f7 |
##
|
|
Packit |
51d0f7 |
## Example: Remove the default configuration and replace it with an address
|
|
Packit |
51d0f7 |
## selector based configuration that send unlabeled traffic to all
|
|
Packit |
51d0f7 |
## IPv4 and IPv6 addresses except for 127.0.0.1, which uses CIPSO
|
|
Packit |
51d0f7 |
## DOI 9999 to pass LSM security labels over the loopback network
|
|
Packit |
51d0f7 |
## device.
|
|
Packit |
51d0f7 |
##
|
|
Packit |
51d0f7 |
#
|
|
Packit |
51d0f7 |
# cipso add doi:9999 local
|
|
Packit |
51d0f7 |
# map del default
|
|
Packit |
51d0f7 |
# map add default address:0.0.0.0/0 protocol:unlbl
|
|
Packit |
51d0f7 |
# map add default address:::0/0 protocol:unlbl
|
|
Packit |
51d0f7 |
# map add default address:127.0.0.1 protocol:cipso,9999
|
|
Packit |
51d0f7 |
|