Re: netlabel: UNLABELED ath9k not denying unlabeled traffic

From: Paul Moore
Date: Wed Jan 14 2009 - 09:57:28 EST

Next message: Rogan Dawes: "Re: linux kernel without file system"
Previous message: Uwe Kleine-KÃnig: "[PATCH RFC] Use kernel/Kconfig.preempt for ARM"
In reply to: Justin P. Mattock: "netlabel: UNLABELED ath9k not denying unlabeled traffic"
Next in thread: Justin P. Mattock: "Re: netlabel: UNLABELED ath9k not denying unlabeled traffic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wednesday 14 January 2009 12:18:18 am Justin P. Mattock wrote:
> When using netlabelctl on a dell laptop
> I'm able to define the addresses that I want:
>
> netlabelctl unlbl add interface:wlan0 address:<radiostation>
> label:system_u:object_r:netlabel_peer_t:s0
> netlabelctl unlbl add interface:wlan0 address:<myaddress>
> label:system_u:object_r:netlabel_peer_t:s0
> netlabelctl -p unlbl accept off
>
> {the above was from http://paulmoore.livejournal.com/1758.html };

Hey, somebody actually reads that stuff! I guess I'll need to be
careful what I write from now on :)

Hi Justin, on a more serious note, if you are having problems with
labeled networking it's probably a good idea to CC the SELinux, LSM
and/or netdev lists depending on the issue as I often miss mail if it
is only posted to LKML. When in doubt you can just CC me personally
(paul.moore@xxxxxx) and I'll add whatever list seems appropriate.

> (I'm able to listen to the radio station allowed, then if I choose
> another station; if I haven't defined an address like the above,
> mplayer just sits there.denying the unlabeled packet. that is until I
> allow the address);

Good, that is how it should work give the configuration shown above.

> The problem I have is when I do the same on my macbook pro ati
> chipset. with the ath9k module, I'm able to listen to any station,
> search the web etc..
> it seems netlabelctl -p unlbl accept off makes no difference if it's
> on or off.
>
> Is this built into ath9k yet, or is there something I'm missing?

That is just plain odd, there isn't really anything that is driver
specific. Can you share any more details like kernel version,
netlabel_tools verion, distro, etc? I don't have any ath9k hardware
lying around to test so I would appreciate whatever additional
information you can provide.

--
paul moore
linux @ hp
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rogan Dawes: "Re: linux kernel without file system"
Previous message: Uwe Kleine-KÃnig: "[PATCH RFC] Use kernel/Kconfig.preempt for ARM"
In reply to: Justin P. Mattock: "netlabel: UNLABELED ath9k not denying unlabeled traffic"
Next in thread: Justin P. Mattock: "Re: netlabel: UNLABELED ath9k not denying unlabeled traffic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]