Bug 1028206 - Review Request: tayga - nat64 implementation for linux
Review Request: tayga - nat64 implementation for linux
Status: CLOSED DUPLICATE of bug 1263941
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
unspecified Severity medium
: ---
: ---
Assigned To: Nobody's working on this, feel free to take it
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-07 16:59 EST by William Brown
Modified: 2015-09-17 02:47 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-09-17 02:47:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description William Brown 2013-11-07 16:59:26 EST
Spec URL: http://firstyear.id.au/media/tayga.spec
SRPM URL: http://firstyear.id.au/media/tayga-0.9.2-1.fc19.src.rpm
Description: Tayga is a NAT64 implementation for linux in userland. With the support of a DNS64 server (Such as bind) it allows the translation of ipv4 addresses into an ipv6 prefix. This allows a network to be ipv6 only, which still maintaining contact with the ipv4 internet.
Fedora Account System Username: firstyear
Comment 1 Michael Scherer 2014-01-06 17:27:11 EST
Wouldn't it be better to have the selinux policy sent to selinux-policy package ?

I will take a look at the package, as the topic interest me.
Comment 2 Michael Scherer 2014-01-06 17:39:41 EST
Ok, so looking at the policy, it is just the label of the tayga binary, and the ifup/ifdown stuff are highly depend on the state of initscript, so i think the binary should be separated from theses two part.

I think it would maybe be better to have it integrated with systemd somehow.
Comment 3 William Brown 2014-03-24 22:42:13 EDT
Sorry about the delay getting back to you.

Initially, the policy should be in this package, and once it's "stable" I'll send to to selinux-policy.

What do you mean separate the binary from ifup/ifdown? 

How do you suggest to integrate with systemd? I'm not sure that it supports network interfaces ... unless you mean to suggest that we run nat64 as a service over a network interface? (Given this doesn't create an interface with an IP that is certainly an option to make services such as tayga@.service).
Comment 4 Christopher Meng 2014-03-25 07:17:05 EDT
(In reply to William Brown from comment #3)
> Sorry about the delay getting back to you.
> 
> Initially, the policy should be in this package, and once it's "stable" I'll
> send to to selinux-policy.

You should open a new bug under selinux-policy and tell the maintainer that a new package will need some works.

If they deny to adopt, then it's time ship it in this package.
 
> How do you suggest to integrate with systemd? I'm not sure that it supports
> network interfaces ... unless you mean to suggest that we run nat64 as a
> service over a network interface? (Given this doesn't create an interface
> with an IP that is certainly an option to make services such as
> tayga@.service).

It should support it well.

%{_mandir}/man5/%{name}.conf.5.gz
%{_mandir}/man8/%{name}.8.gz

-->

%{_mandir}/man5/%{name}.conf.5*
%{_mandir}/man8/%{name}.8*

Remove %defattr(-,root,root,0755)
Comment 5 William Brown 2014-03-26 20:42:43 EDT
I will take into account all these suggestions. Thinking about it, openvpn does something similar with @.service, so I will rewrite my scripts for this and will resubmit for review soon.
Comment 6 William Brown 2014-04-02 20:52:35 EDT
Rewritten, rewrote selinux policy and tested on my system. 

Both URLs have been updated.

Please review. I will have the SELinux policy reviewed on the SELinux mailing list.
Comment 8 William Brown 2014-04-06 21:10:21 EDT
Updated with reviewed SELinux policy.
Comment 9 Ingvar Hagelund 2015-09-08 04:34:42 EDT
Is this review request for tayga dead? William, are you still willing to wrap tayga? If not, I could have a look at it.

br,

Ingvar
Comment 10 William Brown 2015-09-16 00:28:30 EDT
I'm not interested in this any more. You may take it over, and I'm happy to advise however via email.
Comment 11 Ingvar Hagelund 2015-09-16 10:06:27 EDT
New src.rpm here: http://users.linpro.no/ingvar/tayga/tayga-0.9.2-1.fc22.src.rpm
Spec here: http://users.linpro.no/ingvar/tayga/tayga.spec

I wrote this from scratch, so it resembles William's package only by coincidence :-)

It seems like the selinux policy is now included upstream, so while making this package, I skipped selinux. I also skipped the automatic adding of network stuff. The binary itself sets up its own interface. Adding skeleton config for routing seems over-engineering to me.

Ingvar
Comment 12 Christopher Meng 2015-09-16 11:51:28 EDT
Please open a new bug and mark this one as DUPLICATE. Do not reuse existing bug.
Comment 13 Ingvar Hagelund 2015-09-17 02:47:28 EDT
Opening a new request #1263941, and closing this as duplicate.

*** This bug has been marked as a duplicate of bug 1263941 ***

Note You need to log in before you can comment on or make changes to this bug.