[PATCH v6 0/9] SELinux support for Infiniband RDMA

Paul Moore paul at paul-moore.com
Thu May 4 15:51:37 UTC 2017


On Wed, May 3, 2017 at 3:45 PM, Daniel Jurgens <danielj at mellanox.com> wrote:
> On 5/3/2017 9:41 AM, Paul Moore wrote:
>> On Wed, Nov 23, 2016 at 9:17 AM, Dan Jurgens <danielj at mellanox.com> wrote:
>>> From: Daniel Jurgens <danielj at mellanox.com>
>>>
>>> Infiniband applications access HW from user-space -- traffic is generated
>>> directly by HW, bypassing the kernel. Consequently, Infiniband Partitions,
>>> which are associated directly with HW transport endpoints, are a natural
>>> choice for enforcing granular mandatory access control for Infiniband. QPs may
>>> only send or receives packets tagged with the corresponding partition key
>>> (PKey). The PKey is not a cryptographic key; it's a 16 bit number identifying
>>> the partition ...
>>>
>> Hi Dan,
>>
>> I haven't heard anything from you in a while, where do things stand
>> with this effort?  Unless I missed them, I believe we are still
>> waiting on the userspace, SELinux reference policy, and
>> selinux-testsuite patches.
>>
> Hi Paul,
>
>     I got distracted for a while.  I've just rebased the kernel and userspace.  I'll do some testing and submit the userspace code in the next couple days.  I still have to write the selinux-testsuite tests, I'll work on those concurrently with the userspace review cycle.

Great, thanks for the update.  We'll look forward to the patches.

-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list