diff --git a/netlabel.rules b/netlabel.rules
index 34b0880..4c24972 100644
--- a/netlabel.rules
+++ b/netlabel.rules
@@ -1,9 +1,59 @@
-# This file contains the rules for the Netlabel subsystem
+# This file contains the rules for the Netlabel subsystem, for more information
+# please see the netlabelctl(1) man page.
+#
# Each line contains just the arguments to the netlabel command
-# creates a CIPSO/IPv4 definition using a DOI value of 1
-cipsov4 add std doi:1 tags:1 levels:0=0,1=1,2=2 categories:0=0,1=1,2=2
+####
+# NOTE: By default the kernel sends unlabeled traffic and allows unlabled
+# traffic into the system, to disable that add the following two lines to
+# the beginning of your configuration. However, be warned that you
+# should only change these settings if you know what you are doing as you
+# could accidently disable networking with a bad configuration.
+#
-# tell the NetLabel system to use this CIPSO/IPv4 defintion by default
-mgmt add default protocol:cipsov4,1
+# Remove the default domain mapping
+#map del default
+# Do not accept incoming unlabeled packets
+#unlbl accept off
+
+####
+# Unlabeled examples:
+#
+
+# Enable unlabeled packets
+#unlbl accept on
+
+# Disable unlabeled packets
+#unlbl accept off
+
+
+####
+# CIPSOv4 examples:
+#
+
+# Create a CIPSOv4 DOI definition using a pass-through mapping with a DOI
+# value of 6 and the restricted bitmap tag (CIPSOv4 tag type #1)
+#cipsov4 add pass doi:6 tags:1
+
+# Create a CIPSOv4 DOI definition using a standard mapping with a DOI value
+# of 8 and the restricted bitmap tag (CIPSOv4 tag type #1). The example
+# below maps MLS sensitivity levels and categories 0 through 2 to the same
+# values for both CIPSO and the Linux LSM
+#cipsov4 add std doi:8 tags:1 levels:0=0,1=1,2=2 categories:0=0,1=1,2=2
+
+
+####
+# LSM mapping examples:
+#
+
+# Create a default mapping for all LSM domains using the unlabeled protocol
+#map add default protocol:unlbl
+
+# Create a default mapping for all LSM domains using the CIPSOv4 protocol
+# with DOI number 6
+#map add default protocol:cipsov4,6
+
+# Create a mapping for the "secret_t" LSM domain and the CIPSOv4 protocol
+# with DOI number 8
+#map add domain:secret_t protocol:cipsov4,8
diff --git a/netlabel_tools-0.17-newlibnl.patch b/netlabel_tools-0.17-newlibnl.patch
new file mode 100644
index 0000000..5931896
--- /dev/null
+++ b/netlabel_tools-0.17-newlibnl.patch
@@ -0,0 +1,158 @@
+--- netlabel_tools-0.17/libnetlabel/netlabel_comm.c.spc 2008-02-07 08:57:38.000000000 -0600
++++ netlabel_tools-0.17/libnetlabel/netlabel_comm.c 2008-02-07 09:02:01.000000000 -0600
+@@ -8,19 +8,17 @@
+ /*
+ * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
+ *
+- * This program is free software; you can redistribute it and/or modify
+- * it under the terms of the GNU General Public License as published by
+- * the Free Software Foundation; either version 2 of the License, or
+- * (at your option) any later version.
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of version 2 of the GNU General Public License as
++ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
+- * the GNU General Public License for more details.
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+- * along with this program; if not, write to the Free Software
+- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++ * along with this program. If not, see .
+ *
+ */
+
+@@ -100,7 +98,10 @@
+ goto open_failure;
+
+ /* set the netlink handle properties */
+-#if LIBNL_VERSION >= 1006
++#if LIBNL_VERSION >= 1008
++ nl_socket_set_peer_port(hndl->nl_hndl, 0);
++ nl_set_passcred(hndl->nl_hndl, 1);
++#elif LIBNL_VERSION == 1006
+ nl_handle_set_peer_pid(hndl->nl_hndl, 0);
+ nl_set_passcred(hndl->nl_hndl, 1);
+ #endif
+@@ -177,7 +178,11 @@
+ * is waiting to be read from the handle */
+ timeout.tv_sec = nlcomm_read_timeout;
+ timeout.tv_usec = 0;
++#if LIBNL_VERSION >= 1008
++ nl_fd = nl_socket_get_fd(hndl->nl_hndl);
++#else
+ nl_fd = nl_handle_get_fd(hndl->nl_hndl);
++#endif
+ FD_ZERO(&read_fds);
+ FD_SET(nl_fd, &read_fds);
+ ret_val = select(nl_fd + 1, &read_fds, NULL, NULL, &timeout);
+@@ -250,7 +255,11 @@
+ * is waiting to be read from the handle */
+ timeout.tv_sec = nlcomm_read_timeout;
+ timeout.tv_usec = 0;
++#if LIBNL_VERSION >= 1008
++ nl_fd = nl_socket_get_fd(hndl->nl_hndl);
++#else
+ nl_fd = nl_handle_get_fd(hndl->nl_hndl);
++#endif
+ FD_ZERO(&read_fds);
+ FD_SET(nl_fd, &read_fds);
+ ret_val = select(nl_fd + 1, &read_fds, NULL, NULL, &timeout);
+@@ -349,6 +358,6 @@
+ #if LIBNL_VERSION == 1005
+ return nl_send_auto_complete(hndl->nl_hndl, nlbl_msg_nlhdr(msg));
+ #elif LIBNL_VERSION >= 1006
+- return = nl_send_auto_complete(hndl->nl_hndl, msg);
++ return nl_send_auto_complete(hndl->nl_hndl, msg);
+ #endif
+ }
+--- netlabel_tools-0.17/libnetlabel/netlabel_internal.h.spc 2008-02-07 08:58:27.000000000 -0600
++++ netlabel_tools-0.17/libnetlabel/netlabel_internal.h 2008-02-07 09:02:01.000000000 -0600
+@@ -8,19 +8,17 @@
+ /*
+ * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
+ *
+- * This program is free software; you can redistribute it and/or modify
+- * it under the terms of the GNU General Public License as published by
+- * the Free Software Foundation; either version 2 of the License, or
+- * (at your option) any later version.
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of version 2 of the GNU General Public License as
++ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
+- * the GNU General Public License for more details.
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+- * along with this program; if not, write to the Free Software
+- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++ * along with this program. If not, see .
+ *
+ */
+
+@@ -37,11 +35,12 @@
+ /* Specify which version of libnl we are using */
+ /* 1.0-pre5 => 1005 */
+ /* 1.0-pre6 => 1006 */
+-#define LIBNL_VERSION 1005
++/* 1.0-pre8 => 1008 */
++#define LIBNL_VERSION 1008
+
+ /* XXX - this whole block will most likely go away once libnl supports Generic
+ * Netlink */
+-#if 1 /* Generic Netlink types */
++#if LIBNL_VERSION <= 1006 /* Generic Netlink types */
+
+ /* Generic Netlink message header */
+ struct genlmsghdr {
+--- netlabel_tools-0.17/libnetlabel/netlabel_msg.c.spc 2008-02-07 08:57:55.000000000 -0600
++++ netlabel_tools-0.17/libnetlabel/netlabel_msg.c 2008-02-07 09:02:01.000000000 -0600
+@@ -8,19 +8,17 @@
+ /*
+ * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
+ *
+- * This program is free software; you can redistribute it and/or modify
+- * it under the terms of the GNU General Public License as published by
+- * the Free Software Foundation; either version 2 of the License, or
+- * (at your option) any later version.
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of version 2 of the GNU General Public License as
++ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
+- * the GNU General Public License for more details.
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+- * along with this program; if not, write to the Free Software
+- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++ * along with this program. If not, see .
+ *
+ */
+
+@@ -52,7 +50,11 @@
+ struct genlmsghdr genl_hdr;
+
+ /* create the message with a simple netlink header */
++#if LIBNL_VERSION >= 1008
++ msg = nlmsg_alloc();
++#else
+ msg = nlmsg_build_no_hdr();
++#endif
+ if (msg == NULL)
+ goto msg_new_failure;
+
diff --git a/netlabel_tools.spec b/netlabel_tools.spec
index cad3297..19541c2 100644
--- a/netlabel_tools.spec
+++ b/netlabel_tools.spec
@@ -1,18 +1,16 @@
-
-%define home_base_url http://free.linux.hp.com/~pmoore/projects/linux_cipso
-
Summary: Tools to manage the Linux NetLabel subsystem
Name: netlabel_tools
Version: 0.17
-Release: 5%{?dist}
+Release: 6%{?dist}
License: GPL
Group: System Environment/Daemons
-URL: %{home_base_url}
-Source0: %{home_base_url}/%{name}-%{version}.tar.gz
+URL: http://netlabel.sf.net/
+Source0: http://downloads.sourceforge.net/netlabel/%{name}-%{version}.tar.gz
Source1: netlabel
Source2: netlabel.rules
Patch1: netlabel_tools-0.17-new-hdrs.patch
Patch2: netlabel_tools-27_28.patch
+Patch3: netlabel_tools-0.17-newlibnl.patch
BuildRoot: %{_tmppath}/%{name}-%{version}
BuildRequires: kernel-headers >= 2.6.18
BuildRequires: libnl-devel
@@ -31,6 +29,7 @@ configure the kernel subsystem.
%patch1 -p1
# Upstream patch.
%patch2 -p0
+%patch3 -p1
%build
# Don't use _smp_mflags, it's small and a hand crafted Makefile
@@ -57,6 +56,12 @@ rm -rf $RPM_BUILD_ROOT
%attr(0644,root,root) %{_mandir}/man8/*
%changelog
+* Thu Feb 7 2008 Steve Conklin - 0.17-6
+- Various fixes to follow upstream
+- Resolves bz#431765 The example configuration file is invalid
+- Resolves bz#431766 The netlabelctl command fails to run due to newer libnl package
+- Resolves bz#431767 The url listed in the netlabel_tools package is wrong
+
* Mon Oct 16 2006 James Antill - 0.17-3
- Add upstream patch.
- s/p1/p0/ for upstream patch.