[PATCH v6 0/9] SELinux support for Infiniband RDMA

Paul Moore paul at paul-moore.com
Wed May 17 21:23:38 UTC 2017


On Thu, May 4, 2017 at 11:51 AM, Paul Moore <paul at paul-moore.com> wrote:
> On Wed, May 3, 2017 at 3:45 PM, Daniel Jurgens <danielj at mellanox.com> wrote:
>> On 5/3/2017 9:41 AM, Paul Moore wrote:
>>> On Wed, Nov 23, 2016 at 9:17 AM, Dan Jurgens <danielj at mellanox.com> wrote:
>>>> From: Daniel Jurgens <danielj at mellanox.com>
>>>>
>>>> Infiniband applications access HW from user-space -- traffic is generated
>>>> directly by HW, bypassing the kernel. Consequently, Infiniband Partitions,
>>>> which are associated directly with HW transport endpoints, are a natural
>>>> choice for enforcing granular mandatory access control for Infiniband. QPs may
>>>> only send or receives packets tagged with the corresponding partition key
>>>> (PKey). The PKey is not a cryptographic key; it's a 16 bit number identifying
>>>> the partition ...
>>>>
>>> Hi Dan,
>>>
>>> I haven't heard anything from you in a while, where do things stand
>>> with this effort?  Unless I missed them, I believe we are still
>>> waiting on the userspace, SELinux reference policy, and
>>> selinux-testsuite patches.
>>>
>> Hi Paul,
>>
>>     I got distracted for a while.  I've just rebased the kernel and userspace.  I'll do some testing and submit the userspace code in the next couple days.  I still have to write the selinux-testsuite tests, I'll work on those concurrently with the userspace review cycle.
>
> Great, thanks for the update.  We'll look forward to the patches.

I took a closer look at the patchset and I think it looks fine,
coupled with the recent progress on the SELinux userspace and test
suite I think it would be good to get this into the selinux/next tree
so we can start playing with it.  Dan, I know there were some IB merge
conflicts with this patch could you do a respin against the current
selinux/next tree?

* git://git.infradead.org/users/pcmoore/selinux
* http://git.infradead.org/users/pcmoore/selinux

Thanks.

-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list