Red Hat Bugzilla – Bug 1028206
Review Request: tayga - nat64 implementation for linux
Last modified: 2015-09-17 02:47:28 EDT
Spec URL: http://firstyear.id.au/media/tayga.spec
SRPM URL: http://firstyear.id.au/media/tayga-0.9.2-1.fc19.src.rpm
Description: Tayga is a NAT64 implementation for linux in userland. With the support of a DNS64 server (Such as bind) it allows the translation of ipv4 addresses into an ipv6 prefix. This allows a network to be ipv6 only, which still maintaining contact with the ipv4 internet.
Fedora Account System Username: firstyear
Wouldn't it be better to have the selinux policy sent to selinux-policy package ?
I will take a look at the package, as the topic interest me.
Ok, so looking at the policy, it is just the label of the tayga binary, and the ifup/ifdown stuff are highly depend on the state of initscript, so i think the binary should be separated from theses two part.
I think it would maybe be better to have it integrated with systemd somehow.
Sorry about the delay getting back to you.
Initially, the policy should be in this package, and once it's "stable" I'll send to to selinux-policy.
What do you mean separate the binary from ifup/ifdown?
How do you suggest to integrate with systemd? I'm not sure that it supports network interfaces ... unless you mean to suggest that we run nat64 as a service over a network interface? (Given this doesn't create an interface with an IP that is certainly an option to make services such as tayga@.service).
(In reply to William Brown from comment #3)
> Sorry about the delay getting back to you.
> Initially, the policy should be in this package, and once it's "stable" I'll
> send to to selinux-policy.
You should open a new bug under selinux-policy and tell the maintainer that a new package will need some works.
If they deny to adopt, then it's time ship it in this package.
> How do you suggest to integrate with systemd? I'm not sure that it supports
> network interfaces ... unless you mean to suggest that we run nat64 as a
> service over a network interface? (Given this doesn't create an interface
> with an IP that is certainly an option to make services such as
It should support it well.
I will take into account all these suggestions. Thinking about it, openvpn does something similar with @.service, so I will rewrite my scripts for this and will resubmit for review soon.
Rewritten, rewrote selinux policy and tested on my system.
Both URLs have been updated.
Please review. I will have the SELinux policy reviewed on the SELinux mailing list.
Updated with reviewed SELinux policy.
Is this review request for tayga dead? William, are you still willing to wrap tayga? If not, I could have a look at it.
I'm not interested in this any more. You may take it over, and I'm happy to advise however via email.
New src.rpm here: http://users.linpro.no/ingvar/tayga/tayga-0.9.2-1.fc22.src.rpm
Spec here: http://users.linpro.no/ingvar/tayga/tayga.spec
I wrote this from scratch, so it resembles William's package only by coincidence :-)
It seems like the selinux policy is now included upstream, so while making this package, I skipped selinux. I also skipped the automatic adding of network stuff. The binary itself sets up its own interface. Adding skeleton config for routing seems over-engineering to me.
Please open a new bug and mark this one as DUPLICATE. Do not reuse existing bug.
Opening a new request #1263941, and closing this as duplicate.
*** This bug has been marked as a duplicate of bug 1263941 ***