From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
To: "ira.weiny" <ira.weiny@intel.com>
Cc: Daniel Jurgens <danielj@mellanox.com>,
Liran Liss <liranl@mellanox.com>,
Paul Moore <paul@paul-moore.com>,
Leon Romanovsky <leon@kernel.org>,
"chrisw@sous-sol.org" <chrisw@sous-sol.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
Eric Paris <eparis@parisplace.org>,
"dledford@redhat.com" <dledford@redhat.com>,
"sean.hefty@intel.com" <sean.hefty@intel.com>,
"hal.rosenstock@gmail.com" <hal.rosenstock@gmail.com>,
"selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
Yevgeny Petrilin <yevgenyp@mellanox.com>
Subject: Re: [PATCH v3 0/9] SELinux support for Infiniband RDMA
Date: Thu, 8 Sep 2016 13:35:12 -0600 [thread overview]
Message-ID: <20160908193512.GB1868@obsidianresearch.com> (raw)
In-Reply-To: <20160908191457.GB26402@phlsvsds.ph.intel.com>
On Thu, Sep 08, 2016 at 03:14:57PM -0400, ira.weiny wrote:
> On Thu, Sep 08, 2016 at 10:19:48AM -0600, Jason Gunthorpe wrote:
> > On Thu, Sep 08, 2016 at 02:12:48PM +0000, Daniel Jurgens wrote:
> >
> > > It would have to include the port, but idea of using a device name
> > > for this is pretty ugly. <subnet_prefix,pkey> makes it very easy to
> > > write a policy that can be deployed widely. <device,port,pkey/vlan>
> > > could require many different policies depending on the configuration
> > > of each machine.
> >
> > What does net do? Should we have a way to unformly label the rdma ports?
>
> Uniformly label them on the local node or across a cluster?
However we want. If the argument comes down to 'we stupidly choose to
call our devices mlx5_0', then lets allow the admin rename that to
'rdma0' and a cluster wide config file will apply uniformly. This
approach applies to all configuration related to rdma, not just
SELinux.
> > If they are not written to disk I don't see the problem, the dynamic
> > injector will have to figure out what interface is what.
>
> Who is the "dynamic injector"?
Docker, for instance.
Jason
next prev parent reply other threads:[~2016-09-08 19:35 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-29 13:53 [PATCH v3 0/9] SELinux support for Infiniband RDMA Dan Jurgens
2016-07-29 13:53 ` Dan Jurgens
2016-07-29 13:53 ` [PATCH v3 1/9] IB/core: IB cache enhancements to support Infiniband security Dan Jurgens
[not found] ` <1469800416-125043-1-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-07-29 13:53 ` [PATCH v3 2/9] IB/core: Enforce PKey security on QPs Dan Jurgens
2016-07-29 13:53 ` Dan Jurgens
2016-07-29 13:53 ` [PATCH v3 3/9] selinux lsm IB/core: Implement LSM notification system Dan Jurgens
2016-07-29 13:53 ` Dan Jurgens
[not found] ` <1469800416-125043-4-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-07-29 22:40 ` kbuild test robot
2016-07-29 22:40 ` kbuild test robot
2016-09-01 1:35 ` Paul Moore
2016-07-29 13:53 ` [PATCH v3 4/9] IB/core: Enforce security on management datagrams Dan Jurgens
2016-07-29 13:53 ` Dan Jurgens
2016-07-29 13:53 ` [PATCH v3 5/9] selinux: Create policydb version for Infiniband support Dan Jurgens
2016-07-29 13:53 ` Dan Jurgens
[not found] ` <1469800416-125043-6-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-09-01 1:39 ` Paul Moore
2016-09-01 1:39 ` Paul Moore
2016-07-29 13:53 ` [PATCH v3 9/9] selinux: Add a cache for quicker retreival of PKey SIDs Dan Jurgens
2016-07-29 13:53 ` Dan Jurgens
2016-07-29 13:53 ` [PATCH v3 6/9] selinux: Allocate and free infiniband security hooks Dan Jurgens
2016-07-29 13:53 ` [PATCH v3 7/9] selinux: Implement Infiniband PKey "Access" access vector Dan Jurgens
2016-07-29 13:53 ` [PATCH v3 8/9] selinux: Add IB Port SMP " Dan Jurgens
2016-08-29 21:40 ` [PATCH v3 0/9] SELinux support for Infiniband RDMA Paul Moore
2016-08-29 21:48 ` Daniel Jurgens
2016-08-30 0:00 ` Paul Moore
2016-08-30 7:46 ` Leon Romanovsky
2016-08-30 13:53 ` Paul Moore
2016-08-30 14:06 ` Daniel Jurgens
2016-08-30 14:06 ` Daniel Jurgens
[not found] ` <VI1PR0501MB242949202A1DA23E5C8E1E8AC4E00-o1MPJYiShEyB6Z+oivrBG8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-08-30 15:01 ` Leon Romanovsky
2016-08-30 15:01 ` Leon Romanovsky
2016-08-30 18:46 ` Jason Gunthorpe
2016-08-30 18:52 ` Daniel Jurgens
2016-08-30 18:52 ` Daniel Jurgens
2016-08-30 18:55 ` Jason Gunthorpe
2016-08-30 19:10 ` Daniel Jurgens
2016-08-30 19:10 ` Daniel Jurgens
2016-09-01 16:34 ` Jason Gunthorpe
[not found] ` <20160901163418.GA6479-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-09-01 18:06 ` Paul Moore
2016-09-01 18:06 ` Paul Moore
2016-09-06 20:02 ` Jason Gunthorpe
2016-09-06 20:35 ` Daniel Jurgens
2016-09-06 20:35 ` Daniel Jurgens
2016-09-06 21:55 ` Jason Gunthorpe
2016-09-08 0:01 ` ira.weiny
2016-09-08 14:12 ` Daniel Jurgens
2016-09-08 14:12 ` Daniel Jurgens
2016-09-08 16:19 ` Jason Gunthorpe
2016-09-08 16:44 ` Daniel Jurgens
2016-09-08 16:44 ` Daniel Jurgens
2016-09-08 18:36 ` Jason Gunthorpe
2016-09-08 18:59 ` Daniel Jurgens
2016-09-08 18:59 ` Daniel Jurgens
2016-09-08 19:32 ` Jason Gunthorpe
2016-09-21 16:16 ` ira.weiny
[not found] ` <20160921161626.GA27837-W4f6Xiosr+yv7QzWx2u06xL4W9x8LtSr@public.gmane.org>
2016-09-22 15:04 ` Liran Liss
2016-09-22 15:04 ` Liran Liss
[not found] ` <20160908161948.GA21614-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-09-08 19:14 ` ira.weiny
2016-09-08 19:14 ` ira.weiny
2016-09-08 19:35 ` Jason Gunthorpe [this message]
2016-09-15 1:52 ` ira.weiny
[not found] ` <DB6PR0501MB2422EA34EED4EE35EE7B1D28C4FB0-wTfl6qNNZ1ODMMyMbWtEF8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-09-08 17:47 ` Liran Liss
2016-09-08 17:47 ` Liran Liss
2016-09-08 18:37 ` Jason Gunthorpe
2016-09-08 19:01 ` Daniel Jurgens
2016-09-08 19:01 ` Daniel Jurgens
2016-09-08 18:34 ` ira.weiny
2016-09-20 23:43 ` Paul Moore
2016-09-23 13:26 ` Daniel Jurgens
2016-09-23 13:26 ` Daniel Jurgens
[not found] ` <VI1PR0501MB24299E036F1FCD335A2C2049C4C80-o1MPJYiShEyB6Z+oivrBG8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-09-29 22:16 ` Paul Moore
2016-09-29 22:16 ` Paul Moore
[not found] ` <CAHC9VhShCgxonV1rN-J7LyezamzZtKNZ1SR7ywnTB9Kgia_u1w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-09-29 22:41 ` Jason Gunthorpe
2016-09-29 22:41 ` Jason Gunthorpe
2016-09-30 19:59 ` Paul Moore
[not found] ` <CAHC9VhTBW9VsMHag41x1GWUbwPQeLngi8_iq9CPuQ=UMxDebkg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-09-30 20:46 ` Jason Gunthorpe
2016-09-30 20:46 ` Jason Gunthorpe
2016-09-26 18:17 ` Jason Gunthorpe
[not found] ` <20160830074607.GN594-2ukJVAZIZ/Y@public.gmane.org>
2016-08-30 15:02 ` Or Gerlitz
2016-08-30 15:02 ` Or Gerlitz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160908193512.GB1868@obsidianresearch.com \
--to=jgunthorpe@obsidianresearch.com \
--cc=chrisw@sous-sol.org \
--cc=danielj@mellanox.com \
--cc=dledford@redhat.com \
--cc=eparis@parisplace.org \
--cc=hal.rosenstock@gmail.com \
--cc=ira.weiny@intel.com \
--cc=leon@kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=liranl@mellanox.com \
--cc=paul@paul-moore.com \
--cc=sds@tycho.nsa.gov \
--cc=sean.hefty@intel.com \
--cc=selinux@tycho.nsa.gov \
--cc=yevgenyp@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.