Re: netlabel: UNLABELED ath9k not denying unlabeled traffic

[Paul Moore <paul.moore@hp.com>]

On Wednesday 14 January 2009 12:18:18 am Justin P. Mattock wrote:
> When using netlabelctl on a dell laptop
> I'm able to define the addresses that I want:
>
> netlabelctl unlbl add interface:wlan0 address:<radiostation>
> label:system_u:object_r:netlabel_peer_t:s0
> netlabelctl unlbl add interface:wlan0 address:<myaddress>
> label:system_u:object_r:netlabel_peer_t:s0
> netlabelctl  -p unlbl accept off
>
> {the above was from http://paulmoore.livejournal.com/1758.html };

Hey, somebody actually reads that stuff!  I guess I'll need to be 
careful what I write from now on :)

Hi Justin, on a more serious note, if you are having problems with 
labeled networking it's probably a good idea to CC the SELinux, LSM 
and/or netdev lists depending on the issue as I often miss mail if it 
is only posted to LKML.  When in doubt you can just CC me personally 
(paul.moore@hp.com) and I'll add whatever list seems appropriate.

> (I'm able to listen to the radio station allowed, then if I choose
> another station; if I haven't defined an address like the above,
> mplayer just sits there.denying the unlabeled packet. that is until I
> allow the address);

Good, that is how it should work give the configuration shown above.

> The problem I have is when I do the same on my macbook pro ati
> chipset. with the ath9k module, I'm able to listen to any station,
> search the web etc..
> it seems netlabelctl  -p unlbl accept off makes no difference if it's
> on or off.
>
> Is this built into ath9k yet, or is there something I'm missing?

That is just plain odd, there isn't really anything that is driver 
specific.  Can you share any more details like kernel version, 
netlabel_tools verion, distro, etc?  I don't have any ath9k hardware 
lying around to test so I would appreciate whatever additional 
information you can provide.

-- 
paul moore
linux @ hp