mirror of https://github.com/systemd/systemd.git synced 2025-01-10 05:18:17 +03:00
systemd/test/fuzz
Topi Miettinen 4b3590c324 network: NetLabel integration
New directive `NetLabel=` provides a method for integrating static and dynamic
network configuration into Linux NetLabel subsystem rules, used by Linux
Security Modules (LSMs) for network access control. The label, with suitable
LSM rules, can be used to control connectivity of (for example) a service with
peers in the local network. At least with SELinux, only the ingress can be
controlled but not egress. The benefit of using this setting is that it may be
possible to apply the interface-independent part of the NetLabel configuration at a
very early stage of the system boot sequence, at the time when the network interfaces
are not available yet, with netlabelctl(8), and the per-interface configuration
with systemd-networkd once the interfaces appear later. Currently this feature
is only implemented for SELinux.

The option expects a single NetLabel label. The label must conform to lexical
restrictions of LSM labels. When an interface is configured with IP addresses,
the addresses and subnetwork masks will be appended to the NetLabel Fallback
Peer Labeling rules. They will be removed when the interface is
deconfigured. Failures to manage the labels will be ignored.

Example:
```
[DHCPv4]
NetLabel=system_u:object_r:localnet_peer_t:s0
```

With the above rules for interface `eth0`, when the interface is configured with
an IPv4 address of 10.0.0.123/8, `systemd-networkd` performs the equivalent of
the `netlabelctl` operation

```
$ sudo netlabelctl unlbl add interface eth0 address:10.0.0.0/8 label:system_u:object_r:localnet_peer_t:s0
```

Result:
```
$ sudo netlabelctl -p unlbl list
...
 interface: eth0
   address: 10.0.0.0/8
    label: "system_u:object_r:localnet_peer_t:s0"
...
```
2022-08-29 14:23:17 +09:00
| Name | Last commit | Date |
|---|---|---|
| fuzz-bootspec | shared/bootspec: add missing terminator to table | 2022-05-08 17:58:00 +02:00 |
| fuzz-bus-match | fuzz-bus-match: add example from bugzilla#1935084 | 2021-03-06 09:32:18 +01:00 |
| fuzz-bus-message | sd-bus: fix buffer overflow | 2022-05-28 10:06:14 +02:00 |
| fuzz-calendarspec | shared/calendarspec: fix formatting of entries which collapse to a star | 2022-05-10 14:35:57 +02:00 |
| fuzz-catalog | fuzz: rename the longest test samples | 2022-03-21 11:42:35 +01:00 |
| fuzz-dhcp6-client | fuzz: rename test cases for brevity and meaning | 2022-05-04 11:51:15 +02:00 |
| fuzz-dhcp-client | fuzz: rename test cases for brevity and meaning | 2022-05-04 11:51:15 +02:00 |
| fuzz-dhcp-server | fuzz: rename samples to avoid long test names | 2022-07-05 21:49:12 +02:00 |
| fuzz-dhcp-server-relay | fuzz: rename samples to avoid long test names | 2022-07-05 21:49:12 +02:00 |
| fuzz-dns-packet | fuzz: rename samples to avoid long test names | 2022-07-05 21:49:12 +02:00 |
| fuzz-env-file | fuzz: add env-file fuzzer | 2019-03-11 14:11:28 +01:00 |
| fuzz-etc-hosts | resolved: use strv_extend_with_size() to avoid slow parsing of /etc/hosts | 2022-05-20 15:18:28 +02:00 |
| fuzz-fido-id-desc | udev: Add id program and rule for FIDO security tokens | 2019-09-07 02:23:58 +09:00 |
| fuzz-journal-remote | fuzz: rename test cases for brevity and meaning | 2022-05-04 11:51:15 +02:00 |
| fuzz-journald-audit | journald: check whether sscanf has changed the value corresponding to %n | 2018-11-17 11:25:19 +01:00 |
| fuzz-journald-kmsg | fuzz: rename test cases for brevity and meaning | 2022-05-04 11:51:15 +02:00 |
| fuzz-journald-native-fd | tests: add a fuzzer for server_process_native_file | 2018-11-23 17:29:59 +01:00 |
| fuzz-journald-stream | tests: add a fuzzer for journald streams | 2018-11-20 03:03:32 +01:00 |
| fuzz-journald-syslog | fuzz: unify the "fuzz-regressions" directory with the main corpus | 2018-10-02 09:41:25 +02:00 |
| fuzz-json | shared/json: fix memleak in sort | 2022-05-10 17:08:37 +02:00 |
| fuzz-link-parser | fuzz: add ConditionCredential= to fuzz files, and sort their sections | 2022-07-15 10:53:45 +02:00 |
| fuzz-lldp-rx | test: also rename {test,fuzz}-lldp.c | 2021-09-27 23:55:11 +09:00 |
| fuzz-ndisc-rs | fuzz: rename samples to avoid long test names | 2022-07-05 21:49:12 +02:00 |
| fuzz-netdev-parser | network/tuntap: introduce KeepCarrier= setting | 2022-08-16 21:57:31 +09:00 |
| fuzz-network-parser | network: NetLabel integration | 2022-08-29 14:23:17 +09:00 |
| fuzz-nspawn-oci | fuzz: rename samples to avoid long test names | 2022-07-05 21:49:12 +02:00 |
| fuzz-nspawn-settings | fuzz: rename test cases for brevity and meaning | 2022-05-04 11:51:15 +02:00 |
| fuzz-systemctl-parse-argv | tree-wide: change --kill-who to --kill-whom | 2022-08-26 11:15:44 +09:00 |
| fuzz-udev-database | fuzz: add a sample for fuzz-udev-database | 2019-02-26 13:28:30 +09:00 |
| fuzz-udev-rules | rules: import previous SYSTEMD_READY state for suspended DM devices and skip other rules | 2022-08-19 20:13:47 +01:00 |
| fuzz-unit-file | fuzz: add ConditionCredential= to fuzz files, and sort their sections | 2022-07-15 10:53:45 +02:00 |
| fuzz-varlink | fuzz: rename samples to avoid long test names | 2022-07-05 21:49:12 +02:00 |
| fuzz-xdg-desktop | fuzz: rename samples to avoid long test names | 2022-07-05 21:49:12 +02:00 |
| .gitattributes | gitattributes: introduce and use "generated" attribute | 2021-10-18 09:42:55 +02:00 |
| meson.build | meson: pass skip-deps on to the fuzzers as well | 2022-02-22 17:50:14 +00:00 |