From: Paul Moore <paul@paul-moore.com>
To: selinux@vger.kernel.org
Subject: [RFC,selinux-notebook PATCH 06/18] xen_statements: fully convert to markdown
Date: Mon, 03 Aug 2020 21:33:55 -0400 [thread overview]
Message-ID: <159650483517.8961.12011786927723219806.stgit@sifl> (raw)
In-Reply-To: <159650470076.8961.12721446818345626943.stgit@sifl>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
src/xen_statements.md | 340 +++++++++++++++++--------------------------------
1 file changed, 119 insertions(+), 221 deletions(-)
diff --git a/src/xen_statements.md b/src/xen_statements.md
index ce968de..5688893 100644
--- a/src/xen_statements.md
+++ b/src/xen_statements.md
@@ -1,12 +1,12 @@
# Xen Statements
-Xen policy supports additional policy language statements: `iomemcon`,
-`ioportcon`, `pcidevicecon`, `pirqcon` and `devicetreecon` that are
+Xen policy supports additional policy language statements: *iomemcon*,
+*ioportcon*, *pcidevicecon*, *pirqcon* and *devicetreecon* that are
discussed in the sections that follow, also the
[**XSM/FLASK Configuration**](http://xenbits.xen.org/docs/4.2-testing/misc/xsm-flask.txt)
document contains further information.
-Policy version 30 introduced the `devicetreecon` statement and also
+Policy version 30 introduced the *devicetreecon* statement and also
expanded the existing I/O memory range to 64 bits in order to support
hardware with more than 44 bits of physical address space (32-bit count
of 4K pages).
@@ -14,9 +14,7 @@ of 4K pages).
To compile these additional statements using ***semodule**(8)*, ensure
that the ***semanage.conf**(5)* file has the *policy-target=xen* entry.
-<br>
-
-## `iomemcon`
+## *iomemcon*
Label i/o memory. This may be a single memory location or a range.
@@ -26,50 +24,32 @@ Label i/o memory. This may be a single memory location or a range.
**Where:**
-<table>
-<tbody>
-<tr>
-<td><code>iomemcon</code></td>
-<td>The <code>iomemcon</code> keyword.</td>
-</tr>
-<tr>
-<td><code>addr</code></td>
-<td>The memory address to apply the context. This may also be a range that consists of a start and end address separated by a hypen '-'.</td>
-</tr>
-<tr>
-<td><code>context</code></td>
-<td>The security context to be applied.</td>
-</tr>
-</tbody>
-</table>
+*iomemcon*
+
+The *iomemcon* keyword.
+
+*addr*
+The memory address to apply the context. This may also be a range that consists
+of a start and end address separated by a hypen \'-\'.
+
+*context*
+
+The security context to be applied.
**The statement is valid in:**
-<table style="text-align:center">
-<tbody>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Monolithic Policy</strong></td>
-<td><strong>Base Policy</strong></td>
-<td><strong>Module Policy</strong></td>
-</tr>
-<tr>
-<td>Yes</td>
-<td>Yes</td>
-<td>No</td>
-</tr>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Conditional Policy <code>if</code> Statement</strong></td>
-<td><strong><code>optional</code> Statement</strong></td>
-<td><strong><code>require</code> Statement</strong></td>
-</tr>
-<tr>
-<td>No</td>
-<td>No</td>
-<td>No</td>
-</tr>
-</tbody>
-</table>
+Policy Type
+
+| Monolithic Policy | Base Policy | Module Policy |
+| ----------------------- | ----------------------- | ----------------------- |
+| Yes | Yes | No |
+
+Conditional Policy Statements
+
+| *if* statement | *optional* Statement | *require* Statement |
+| ----------------------- | ----------------------- | ----------------------- |
+| No | No | No |
**Examples:**
@@ -78,9 +58,7 @@ iomemcon 0xfebd9 system_u:object_r:nicP_t
iomemcon 0xfebe0-0xfebff system_u:object_r:nicP_t
```
-<br>
-
-## `ioportcon`
+## *ioportcon*
Label i/o ports. This may be a single port or a range.
@@ -90,49 +68,32 @@ Label i/o ports. This may be a single port or a range.
**Where:**
-<table>
-<tbody>
-<tr>
-<td><code>ioportcon</code></td>
-<td>The <code>ioportcon</code> keyword.</td>
-</tr>
-<tr>
-<td><code>port</code></td>
-<td>The <code>port</code> to apply the context. This may also be a range that consists of a start and end port number separated by a hypen '-'.</td>
-</tr>
-<tr>
-<td><code>context</code></td>
-<td>The security context to be applied.</td>
-</tr>
-</tbody>
-</table>
+*ioportcon*
+
+The *ioportcon* keyword.
+
+*port*
+
+The *port* to apply the context. This may also be a range that consists of a
+start and end port number separated by a hypen \'-\'.
+
+*context*
+
+The security context to be applied.
**The statement is valid in:**
-<table style="text-align:center">
-<tbody>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Monolithic Policy</strong></td>
-<td><strong>Base Policy</strong></td>
-<td><strong>Module Policy</strong></td>
-</tr>
-<tr>
-<td>Yes</td>
-<td>Yes</td>
-<td>No</td>
-</tr>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Conditional Policy <code>if</code> Statement</strong></td>
-<td><strong><code>optional</code> Statement</strong></td>
-<td><strong><code>require</code> Statement</strong></td>
-</tr>
-<tr>
-<td>No</td>
-<td>No</td>
-<td>No</td>
-</tr>
-</tbody>
-</table>
+Policy Type
+
+| Monolithic Policy | Base Policy | Module Policy |
+| ----------------------- | ----------------------- | ----------------------- |
+| Yes | Yes | No |
+
+Conditional Policy Statements
+
+| *if* statement | *optional* Statement | *require* Statement |
+| ----------------------- | ----------------------- | ----------------------- |
+| No | No | No |
**Examples:**
@@ -141,9 +102,7 @@ ioportcon 0xeac0 system_u:object_r:nicP_t
ioportcon 0xecc0-0xecdf system_u:object_r:nicP_t
```
-<br>
-
-## `pcidevicecon`
+## *pcidevicecon*
Label a PCI device.
@@ -153,57 +112,37 @@ Label a PCI device.
**Where:**
-<table>
-<tbody>
-<tr>
-<td><code>pcidevicecon</code></td>
-<td>The <code>pcidevicecon</code> keyword.</td>
-</tr>
-<tr>
-<td><code>pci_id</code></td>
-<td>The PCI indentifer.</td>
-</tr>
-<tr>
-<td><code>context</code></td>
-<td>The security context to be applied.</td>
-</tr>
-</tbody>
-</table>
+*pcidevicecon*
+
+The *pcidevicecon* keyword.
+
+*pci_id*
+
+The PCI indentifer.
+
+*context*
+
+The security context to be applied.
**The statement is valid in:**
-<table style="text-align:center">
-<tbody>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Monolithic Policy</strong></td>
-<td><strong>Base Policy</strong></td>
-<td><strong>Module Policy</strong></td>
-</tr>
-<tr>
-<td>Yes</td>
-<td>Yes</td>
-<td>No</td>
-</tr>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Conditional Policy <code>if</code> Statement</strong></td>
-<td><strong><code>optional</code> Statement</strong></td>
-<td><strong><code>require</code> Statement</strong></td>
-</tr>
-<tr>
-<td>No</td>
-<td>No</td>
-<td>No</td>
-</tr>
-</tbody>
-</table>
+Policy Type
+
+| Monolithic Policy | Base Policy | Module Policy |
+| ----------------------- | ----------------------- | ----------------------- |
+| Yes | Yes | No |
+
+Conditional Policy Statements
+
+| *if* statement | *optional* Statement | *require* Statement |
+| ----------------------- | ----------------------- | ----------------------- |
+| No | No | No |
**Example:**
`pcidevicecon 0xc800 system_u:object_r:nicP_t`
-<br>
-
-## `pirqcon`
+## *pirqcon*
Label an interrupt level.
@@ -213,57 +152,37 @@ Label an interrupt level.
**Where:**
-<table>
-<tbody>
-<tr>
-<td><code>pirqcon</code></td>
-<td>The <code>pirqcon</code> keyword.</td>
-</tr>
-<tr>
-<td><code>irq</code></td>
-<td>The interrupt request number.</td>
-</tr>
-<tr>
-<td><code>context</code></td>
-<td>The security context to be applied.</td>
-</tr>
-</tbody>
-</table>
+*pirqcon*
+
+The *pirqcon* keyword.
+
+*irq*
+
+The interrupt request number.
+
+*context*
+
+The security context to be applied.
**The statement is valid in:**
-<table style="text-align:center">
-<tbody>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Monolithic Policy</strong></td>
-<td><strong>Base Policy</strong></td>
-<td><strong>Module Policy</strong></td>
-</tr>
-<tr>
-<td>Yes</td>
-<td>Yes</td>
-<td>No</td>
-</tr>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Conditional Policy <code>if</code> Statement</strong></td>
-<td><strong><code>optional</code> Statement</strong></td>
-<td><strong><code>require</code> Statement</strong></td>
-</tr>
-<tr>
-<td>No</td>
-<td>No</td>
-<td>No</td>
-</tr>
-</tbody>
-</table>
+Policy Type
+
+| Monolithic Policy | Base Policy | Module Policy |
+| ----------------------- | ----------------------- | ----------------------- |
+| Yes | Yes | No |
+
+Conditional Policy Statements
+
+| *if* statement | *optional* Statement | *require* Statement |
+| ----------------------- | ----------------------- | ----------------------- |
+| No | No | No |
**Example:**
`pirqcon 33 system_u:object_r:nicP_t`
-<br>
-
-## `devicetreecon`
+## *devicetreecon*
Label device tree nodes.
@@ -273,57 +192,36 @@ Label device tree nodes.
**Where:**
-<table>
-<tbody>
-<tr>
-<td><code>devicetreecon</code></td>
-<td>The <code>devicetreecon</code> keyword.</td>
-</tr>
-<tr>
-<td><code>path</code></td>
-<td>The device tree path. If this contains spaces enclose within <em>""</em> as shown in the example.</td>
-</tr>
-<tr>
-<td><code>context</code></td>
-<td>The security context to be applied.</td>
-</tr>
-</tbody>
-</table>
+*devicetreecon*
+
+The *devicetreecon* keyword.
+
+*path*
+
+The device tree path. If this contains spaces enclose within *""* as shown in
+the example.
+
+*context*
+
+The security context to be applied.
**The statement is valid in:**
-<table style="text-align:center">
-<tbody>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Monolithic Policy</strong></td>
-<td><strong>Base Policy</strong></td>
-<td><strong>Module Policy</strong></td>
-</tr>
-<tr>
-<td>Yes</td>
-<td>Yes</td>
-<td>No</td>
-</tr>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Conditional Policy <code>if</code> Statement</strong></td>
-<td><strong><code>optional</code> Statement</strong></td>
-<td><strong><code>require</code> Statement</strong></td>
-</tr>
-<tr>
-<td>No</td>
-<td>No</td>
-<td>No</td>
-</tr>
-</tbody>
-</table>
+Policy Type
+| Monolithic Policy | Base Policy | Module Policy |
+| ----------------------- | ----------------------- | ----------------------- |
+| Yes | Yes | No |
-**Example:**
+Conditional Policy Statements
-`devicetreecon "/this is/a/path" system_u:object_r:arm_path`
+| *if* statement | *optional* Statement | *require* Statement |
+| ----------------------- | ----------------------- | ----------------------- |
+| No | No | No |
+**Example:**
-<br>
+`devicetreecon "/this is/a/path" system_u:object_r:arm_path`
<!-- %CUTHERE% -->
next prev parent reply other threads:[~2020-08-04 1:33 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-04 1:33 [RFC,selinux-notebook PATCH 00/18] markdown conversions and cleanups Paul Moore
2020-08-04 1:33 ` [RFC,selinux-notebook PATCH 01/18] build: explicitly enable pandoc pipe_tables Paul Moore
2020-08-04 1:33 ` [RFC,selinux-notebook PATCH 02/18] css: identify table layout hacks Paul Moore
2020-08-04 1:33 ` [RFC,selinux-notebook PATCH 03/18] css: style improvements Paul Moore
2020-08-04 1:33 ` [RFC,selinux-notebook PATCH 04/18] x_windows: fully convert to markdown Paul Moore
2020-08-04 1:33 ` [RFC,selinux-notebook PATCH 05/18] xperm_rules: " Paul Moore
2020-08-04 16:14 ` Richard Haines
2020-08-06 2:34 ` Paul Moore
2020-08-06 10:07 ` Richard Haines
2020-08-06 21:49 ` Paul Moore
2020-08-04 1:33 ` Paul Moore [this message]
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 07/18] vm_support: " Paul Moore
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 08/18] user_statements: " Paul Moore
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 09/18] userspace_libraries: " Paul Moore
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 10/18] type_statements: " Paul Moore
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 11/18] postgresql: update PostgreSQL SELinux Support section Paul Moore
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 12/18] all: remove all the <br> tags we haven't gotten to yet Paul Moore
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 13/18] all: unify example formatting (scripts, code, policy, etc) in markdown Paul Moore
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 15/18] all: consolidate multiple blank lines into one Paul Moore
2020-08-04 1:35 ` [RFC,selinux-notebook PATCH 16/18] kernel_policy_language: convert the footnotes to markdown Paul Moore
2020-08-04 1:35 ` [RFC,selinux-notebook PATCH 17/18] title: assorted updates Paul Moore
2020-08-04 1:35 ` [RFC,selinux-notebook PATCH 18/18] x_windows: don't call table 12 a table Paul Moore
2020-08-04 10:31 ` [RFC,selinux-notebook PATCH 00/18] markdown conversions and cleanups Richard Haines
2020-08-06 1:58 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=159650483517.8961.12011786927723219806.stgit@sifl \
--to=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.