From: Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
To: Casey Schaufler <casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>,
Paul Moore <pmoore-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: "chrisw-69jw2NvuJkxg9hUCZPvPmw@public.gmane.org"
<chrisw-69jw2NvuJkxg9hUCZPvPmw@public.gmane.org>,
"paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org"
<paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org>,
"sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org"
<sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>,
"eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org"
<eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org>,
"dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org"
<dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org"
<sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
"hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org"
<hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
"selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org"
<selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>,
"linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Yevgeny Petrilin
<yevgenyp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Subject: Re: [PATCH 04/12] selinux: Allocate and free infiniband security hooks
Date: Thu, 30 Jun 2016 21:48:12 +0000 [thread overview]
Message-ID: <AM4PR0501MB2257ADAB527392547179F779C4240@AM4PR0501MB2257.eurprd05.prod.outlook.com> (raw)
In-Reply-To: 6662b3b0-6897-8775-dc30-2757387428e4@schaufler-ca.com
On 6/30/2016 4:06 PM, Casey Schaufler wrote:
> On 6/30/2016 1:42 PM, Paul Moore wrote:
>> On Thu, Jun 23, 2016 at 3:52 PM, Dan Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org> wrote:
>>> From: Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
>>>
>>> Implement and attach hooks to allocate and free Infiniband QP and MAD
>>> agent security structures.
>>>
>>> Signed-off-by: Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
>>> Reviewed-by: Eli Cohen <eli-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
>>> ---
>>> include/rdma/ib_mad.h | 1 +
>>> include/rdma/ib_verbs.h | 1 +
>>> security/selinux/hooks.c | 53 +++++++++++++++++++++++++++++++++++++++
>>> security/selinux/include/objsec.h | 5 ++++
>>> 4 files changed, 60 insertions(+)
>>>
>>> diff --git a/include/rdma/ib_mad.h b/include/rdma/ib_mad.h
>>> index c8a773f..a1ed025 100644
>>> --- a/include/rdma/ib_mad.h
>>> +++ b/include/rdma/ib_mad.h
>>> @@ -537,6 +537,7 @@ struct ib_mad_agent {
>>> u32 flags;
>>> u8 port_num;
>>> u8 rmpp_version;
>>> + void *m_security;
>> General convention is to just call the LSM blobs "security" unless
>> there is already a field with that name.
> Not that it really matters all that much, but an unadorned "security"
> makes it unnecessarily difficult to match "p->security" to the data
> involved when you're looking at keys, creds and ipc. I like having
> the prefix. I think the other fields in the structure should have it,
> too, but as I'm not an acknowledged authority on good style I hesitate
> to suggest it in general.
Now that you mention it I think this was part of your comment about not using void*.
>>> };
>>>
>>> /**
>>> diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h
>>> index 3f6780b..e522acb 100644
>>> --- a/include/rdma/ib_verbs.h
>>> +++ b/include/rdma/ib_verbs.h
>>> @@ -1454,6 +1454,7 @@ struct ib_qp {
>>> void *qp_context;
>>> u32 qp_num;
>>> enum ib_qp_type qp_type;
>>> + struct ib_qp_security *qp_sec;
>> See my earlier question/comment about just using a void pointer here.
> I think that this is in response to my comments to the
> effect that I would like to see the LSM infrastructure
> using the inode like (inode->i_security) to the xfrm
> (void *) approach. I haven't been looking at the IB patches
> too carefully to date. It's possible I have not been clear.
My understanding at the time was that by using something other than a void * different security modules could maintain their own opaque blobs with in and keep the same prototype for the hook. It's possible I misunderstood you, but it made sense to me. I don't know of any plans for other security modules to support Infiniband, but this leaves the door open.
>>> };
>>>
>>> struct ib_mr {
>>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
>>> index 6a8841d..4f13ea4 100644
>>> --- a/security/selinux/hooks.c
>>> +++ b/security/selinux/hooks.c
>>> @@ -17,6 +17,7 @@
>>> * Paul Moore <paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org>
>>> * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
>>> * Yuichi Nakamura <ynakam-FkO1umbPgv4fag7Bw7Dlfw@public.gmane.org>
>>> + * Copyright (C) 2016 Mellanox Technologies
>>> *
>>> * This program is free software; you can redistribute it and/or modify
>>> * it under the terms of the GNU General Public License version 2,
>>> @@ -83,6 +84,8 @@
>>> #include <linux/export.h>
>>> #include <linux/msg.h>
>>> #include <linux/shm.h>
>>> +#include <rdma/ib_verbs.h>
>>> +#include <rdma/ib_mad.h>
>>>
>>> #include "avc.h"
>>> #include "objsec.h"
>>> @@ -6015,6 +6018,47 @@ static void selinux_unregister_ib_flush_callback(void)
>>> mutex_unlock(&ib_flush_mutex);
>>> }
>>>
>>> +static int selinux_ib_qp_alloc_security(struct ib_qp_security *qp_sec)
>>> +{
>>> + struct ib_security_struct *sec;
>>> +
>>> + sec = kzalloc(sizeof(*sec), GFP_ATOMIC);
>>> + if (!sec)
>>> + return -ENOMEM;
>>> + sec->sid = current_sid();
>>> +
>>> + qp_sec->q_security = sec;
>>> + return 0;
>>> +}
>> If you get rid of the ip_qp_security struct, you can just return the
>> blob instead of an int (NULL on error). Same with the MAD allocator
>> below.
>>
>> Also, and this may be more important for the MAD allocator below (I'm
>> still pretty IB-ignorant), can you forsee the need/desire to have the
>> QP/MAD label different from the process which creates them? How often
>> will other SELinux domains need to interact with these objects?
>>
>>> +static void selinux_ib_qp_free_security(struct ib_qp_security *qp_sec)
>>> +{
>>> + struct ib_security_struct *sec = qp_sec->q_security;
>>> +
>>> + qp_sec->q_security = NULL;
>>> + kfree(sec);
>>> +}
>>> +
>>> +static int selinux_ib_mad_agent_alloc_security(struct ib_mad_agent *mad_agent)
>>> +{
>>> + struct ib_security_struct *sec;
>>> +
>>> + sec = kzalloc(sizeof(*sec), GFP_ATOMIC);
>>> + if (!sec)
>>> + return -ENOMEM;
>>> + sec->sid = current_sid();
>>> +
>>> + mad_agent->m_security = sec;
>>> + return 0;
>>> +}
>>> +
>>> +static void selinux_ib_mad_agent_free_security(struct ib_mad_agent *mad_agent)
>>> +{
>>> + struct ib_security_struct *sec = mad_agent->m_security;
>>> +
>>> + mad_agent->m_security = NULL;
>>> + kfree(sec);
>>> +}
>>> #endif
>
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Daniel Jurgens <danielj@mellanox.com>
To: Casey Schaufler <casey@schaufler-ca.com>, Paul Moore <pmoore@redhat.com>
Cc: "chrisw@sous-sol.org" <chrisw@sous-sol.org>,
"paul@paul-moore.com" <paul@paul-moore.com>,
"sds@tycho.nsa.gov" <sds@tycho.nsa.gov>,
"eparis@parisplace.org" <eparis@parisplace.org>,
"dledford@redhat.com" <dledford@redhat.com>,
"sean.hefty@intel.com" <sean.hefty@intel.com>,
"hal.rosenstock@gmail.com" <hal.rosenstock@gmail.com>,
"selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
Yevgeny Petrilin <yevgenyp@mellanox.com>
Subject: Re: [PATCH 04/12] selinux: Allocate and free infiniband security hooks
Date: Thu, 30 Jun 2016 21:48:12 +0000 [thread overview]
Message-ID: <AM4PR0501MB2257ADAB527392547179F779C4240@AM4PR0501MB2257.eurprd05.prod.outlook.com> (raw)
In-Reply-To: 6662b3b0-6897-8775-dc30-2757387428e4@schaufler-ca.com
On 6/30/2016 4:06 PM, Casey Schaufler wrote:
> On 6/30/2016 1:42 PM, Paul Moore wrote:
>> On Thu, Jun 23, 2016 at 3:52 PM, Dan Jurgens <danielj@mellanox.com> wrote:
>>> From: Daniel Jurgens <danielj@mellanox.com>
>>>
>>> Implement and attach hooks to allocate and free Infiniband QP and MAD
>>> agent security structures.
>>>
>>> Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
>>> Reviewed-by: Eli Cohen <eli@mellanox.com>
>>> ---
>>> include/rdma/ib_mad.h | 1 +
>>> include/rdma/ib_verbs.h | 1 +
>>> security/selinux/hooks.c | 53 +++++++++++++++++++++++++++++++++++++++
>>> security/selinux/include/objsec.h | 5 ++++
>>> 4 files changed, 60 insertions(+)
>>>
>>> diff --git a/include/rdma/ib_mad.h b/include/rdma/ib_mad.h
>>> index c8a773f..a1ed025 100644
>>> --- a/include/rdma/ib_mad.h
>>> +++ b/include/rdma/ib_mad.h
>>> @@ -537,6 +537,7 @@ struct ib_mad_agent {
>>> u32 flags;
>>> u8 port_num;
>>> u8 rmpp_version;
>>> + void *m_security;
>> General convention is to just call the LSM blobs "security" unless
>> there is already a field with that name.
> Not that it really matters all that much, but an unadorned "security"
> makes it unnecessarily difficult to match "p->security" to the data
> involved when you're looking at keys, creds and ipc. I like having
> the prefix. I think the other fields in the structure should have it,
> too, but as I'm not an acknowledged authority on good style I hesitate
> to suggest it in general.
Now that you mention it I think this was part of your comment about not using void*.
>>> };
>>>
>>> /**
>>> diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h
>>> index 3f6780b..e522acb 100644
>>> --- a/include/rdma/ib_verbs.h
>>> +++ b/include/rdma/ib_verbs.h
>>> @@ -1454,6 +1454,7 @@ struct ib_qp {
>>> void *qp_context;
>>> u32 qp_num;
>>> enum ib_qp_type qp_type;
>>> + struct ib_qp_security *qp_sec;
>> See my earlier question/comment about just using a void pointer here.
> I think that this is in response to my comments to the
> effect that I would like to see the LSM infrastructure
> using the inode like (inode->i_security) to the xfrm
> (void *) approach. I haven't been looking at the IB patches
> too carefully to date. It's possible I have not been clear.
My understanding at the time was that by using something other than a void * different security modules could maintain their own opaque blobs with in and keep the same prototype for the hook. It's possible I misunderstood you, but it made sense to me. I don't know of any plans for other security modules to support Infiniband, but this leaves the door open.
>>> };
>>>
>>> struct ib_mr {
>>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
>>> index 6a8841d..4f13ea4 100644
>>> --- a/security/selinux/hooks.c
>>> +++ b/security/selinux/hooks.c
>>> @@ -17,6 +17,7 @@
>>> * Paul Moore <paul@paul-moore.com>
>>> * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
>>> * Yuichi Nakamura <ynakam@hitachisoft.jp>
>>> + * Copyright (C) 2016 Mellanox Technologies
>>> *
>>> * This program is free software; you can redistribute it and/or modify
>>> * it under the terms of the GNU General Public License version 2,
>>> @@ -83,6 +84,8 @@
>>> #include <linux/export.h>
>>> #include <linux/msg.h>
>>> #include <linux/shm.h>
>>> +#include <rdma/ib_verbs.h>
>>> +#include <rdma/ib_mad.h>
>>>
>>> #include "avc.h"
>>> #include "objsec.h"
>>> @@ -6015,6 +6018,47 @@ static void selinux_unregister_ib_flush_callback(void)
>>> mutex_unlock(&ib_flush_mutex);
>>> }
>>>
>>> +static int selinux_ib_qp_alloc_security(struct ib_qp_security *qp_sec)
>>> +{
>>> + struct ib_security_struct *sec;
>>> +
>>> + sec = kzalloc(sizeof(*sec), GFP_ATOMIC);
>>> + if (!sec)
>>> + return -ENOMEM;
>>> + sec->sid = current_sid();
>>> +
>>> + qp_sec->q_security = sec;
>>> + return 0;
>>> +}
>> If you get rid of the ip_qp_security struct, you can just return the
>> blob instead of an int (NULL on error). Same with the MAD allocator
>> below.
>>
>> Also, and this may be more important for the MAD allocator below (I'm
>> still pretty IB-ignorant), can you forsee the need/desire to have the
>> QP/MAD label different from the process which creates them? How often
>> will other SELinux domains need to interact with these objects?
>>
>>> +static void selinux_ib_qp_free_security(struct ib_qp_security *qp_sec)
>>> +{
>>> + struct ib_security_struct *sec = qp_sec->q_security;
>>> +
>>> + qp_sec->q_security = NULL;
>>> + kfree(sec);
>>> +}
>>> +
>>> +static int selinux_ib_mad_agent_alloc_security(struct ib_mad_agent *mad_agent)
>>> +{
>>> + struct ib_security_struct *sec;
>>> +
>>> + sec = kzalloc(sizeof(*sec), GFP_ATOMIC);
>>> + if (!sec)
>>> + return -ENOMEM;
>>> + sec->sid = current_sid();
>>> +
>>> + mad_agent->m_security = sec;
>>> + return 0;
>>> +}
>>> +
>>> +static void selinux_ib_mad_agent_free_security(struct ib_mad_agent *mad_agent)
>>> +{
>>> + struct ib_security_struct *sec = mad_agent->m_security;
>>> +
>>> + mad_agent->m_security = NULL;
>>> + kfree(sec);
>>> +}
>>> #endif
>
next prev parent reply other threads:[~2016-06-30 21:48 UTC|newest]
Thread overview: 128+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-23 19:52 [PATCH 00/12] SELinux support for Infiniband RDMA Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
2016-06-23 19:52 ` [PATCH 01/12] security: Add LSM hooks for Infiniband security Dan Jurgens
[not found] ` <1466711578-64398-2-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 14:57 ` Yuval Shaia
2016-06-30 14:57 ` Yuval Shaia
2016-06-30 20:27 ` Paul Moore
2016-06-30 20:27 ` Paul Moore
2016-06-30 21:09 ` Daniel Jurgens
2016-06-30 21:09 ` Daniel Jurgens
2016-06-30 21:27 ` Paul Moore
2016-06-30 21:34 ` Daniel Jurgens
2016-06-30 21:34 ` Daniel Jurgens
2016-06-30 20:33 ` Paul Moore
2016-06-30 20:33 ` Paul Moore
2016-06-30 21:27 ` Daniel Jurgens
2016-06-30 21:27 ` Daniel Jurgens
[not found] ` <AM4PR0501MB2257674DEA1F81F53A35AC21C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-06-30 21:30 ` Paul Moore
2016-06-30 21:30 ` Paul Moore
2016-06-23 19:52 ` [PATCH 02/12] selinux: Create policydb version for Infiniband support Dan Jurgens
[not found] ` <1466711578-64398-3-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 15:01 ` Yuval Shaia
2016-06-30 15:01 ` Yuval Shaia
[not found] ` <20160630150140.GB22107-Hxa29pjIrETlQW142y8m19+IiqhCXseY@public.gmane.org>
2016-07-01 12:50 ` Leon Romanovsky
2016-07-01 12:50 ` Leon Romanovsky
2016-07-01 13:49 ` Daniel Jurgens
2016-07-01 13:49 ` Daniel Jurgens
[not found] ` <DB6PR0501MB2261C7D467873122250A1F3EC4250-wTfl6qNNZ1NK98U9gK7MJ8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-07-01 20:48 ` Leon Romanovsky
2016-07-01 20:48 ` Leon Romanovsky
2016-06-30 20:17 ` Paul Moore
2016-06-30 20:17 ` Paul Moore
2016-06-30 20:59 ` Daniel Jurgens
2016-06-30 20:59 ` Daniel Jurgens
[not found] ` <AM4PR0501MB22579221434714783B0AFC68C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-06-30 21:18 ` Paul Moore
2016-06-30 21:18 ` Paul Moore
2016-06-30 21:32 ` Daniel Jurgens
2016-06-30 21:32 ` Daniel Jurgens
[not found] ` <AM4PR0501MB2257CB8E6F84835315734487C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-06-30 21:37 ` Paul Moore
2016-06-30 21:37 ` Paul Moore
2016-06-23 19:52 ` [PATCH 10/12] IB/core: Enforce PKey security on management datagrams Dan Jurgens
[not found] ` <1466711578-64398-1-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-23 19:52 ` [PATCH 03/12] selinux: Implement Infiniband flush callback Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
[not found] ` <1466711578-64398-4-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 15:10 ` Yuval Shaia
2016-06-30 15:10 ` Yuval Shaia
2016-06-30 15:44 ` Daniel Jurgens
2016-06-30 15:44 ` Daniel Jurgens
[not found] ` <AM4PR0501MB22578AA5FF8B4062F650C581C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-06-30 19:52 ` Paul Moore
2016-06-30 19:52 ` Paul Moore
[not found] ` <CAGH-Kgtn0EFxYc+UOvVQk-0Bco0oOG=STZA+aGYza4TmbNXq3A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-06-30 20:16 ` Casey Schaufler
2016-06-30 20:16 ` Casey Schaufler
[not found] ` <13cf2b8b-1d4e-e61f-80fe-110af2a719cf-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2016-06-30 20:24 ` Paul Moore
2016-06-30 20:24 ` Paul Moore
2016-06-30 20:39 ` Daniel Jurgens
2016-06-30 20:39 ` Daniel Jurgens
2016-06-23 19:52 ` [PATCH 04/12] selinux: Allocate and free infiniband security hooks Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
[not found] ` <1466711578-64398-5-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 15:15 ` Yuval Shaia
2016-06-30 15:15 ` Yuval Shaia
2016-06-30 20:42 ` Paul Moore
2016-06-30 20:42 ` Paul Moore
[not found] ` <CAGH-KgvtN8T7e5bKq0jJZvSzrGfFwA2VpmPf5gJuqdLZi6odEw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-06-30 21:06 ` Casey Schaufler
2016-06-30 21:06 ` Casey Schaufler
2016-06-30 21:48 ` Daniel Jurgens [this message]
2016-06-30 21:48 ` Daniel Jurgens
[not found] ` <AM4PR0501MB2257ADAB527392547179F779C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-07-01 18:54 ` Paul Moore
2016-07-01 18:54 ` Paul Moore
2016-07-01 18:59 ` Daniel Jurgens
2016-07-01 18:59 ` Daniel Jurgens
2016-07-01 19:17 ` Paul Moore
2016-07-01 20:13 ` Casey Schaufler
2016-07-01 20:46 ` Daniel Jurgens
2016-07-01 20:46 ` Daniel Jurgens
[not found] ` <DB6PR0501MB226138FF74D031F6BD1C48C6C4250-wTfl6qNNZ1NK98U9gK7MJ8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-07-01 21:16 ` Casey Schaufler
2016-07-01 21:16 ` Casey Schaufler
2016-07-01 22:15 ` Paul Moore
2016-06-23 19:52 ` [PATCH 05/12] selinux: Implement Infiniband PKey "Access" access vector Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
[not found] ` <1466711578-64398-6-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 15:23 ` Yuval Shaia
2016-06-30 15:23 ` Yuval Shaia
2016-06-30 15:35 ` Daniel Jurgens
2016-06-30 15:35 ` Daniel Jurgens
2016-07-01 16:29 ` Paul Moore
2016-07-01 16:29 ` Paul Moore
2016-07-01 18:21 ` Daniel Jurgens
2016-07-01 18:21 ` Daniel Jurgens
2016-07-01 18:58 ` Paul Moore
2016-07-01 19:16 ` Daniel Jurgens
2016-07-01 19:16 ` Daniel Jurgens
[not found] ` <DB6PR0501MB22614C80007D7408544B4B30C4250-wTfl6qNNZ1NK98U9gK7MJ8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-07-01 19:26 ` Paul Moore
2016-07-01 19:26 ` Paul Moore
2016-07-01 19:57 ` Daniel Jurgens
2016-07-01 19:57 ` Daniel Jurgens
[not found] ` <DB6PR0501MB2261C903AB4CE9644604B9E8C4250-wTfl6qNNZ1NK98U9gK7MJ8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-07-01 20:42 ` Paul Moore
2016-07-01 20:42 ` Paul Moore
2016-07-11 14:46 ` Stephen Smalley
2016-07-11 19:03 ` Daniel Jurgens
2016-07-11 19:03 ` Daniel Jurgens
[not found] ` <1c637b46-7352-b369-4891-4b695ff80b3b-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
2016-07-12 20:28 ` Paul Moore
2016-07-12 20:28 ` Paul Moore
2016-06-23 19:52 ` [PATCH 06/12] selinux: Add IB End Port SMP " Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
2016-06-30 15:31 ` Yuval Shaia
[not found] ` <1466711578-64398-7-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-07-01 18:48 ` Paul Moore
2016-07-01 18:48 ` Paul Moore
2016-06-23 19:52 ` [PATCH 07/12] selinux: Add a cache for quicker retreival of PKey SIDs Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
[not found] ` <1466711578-64398-8-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-23 21:59 ` kbuild test robot
2016-06-23 21:59 ` kbuild test robot
2016-06-30 15:41 ` Yuval Shaia
2016-06-30 15:41 ` Yuval Shaia
2016-07-01 18:51 ` Paul Moore
2016-07-01 18:51 ` Paul Moore
2016-06-23 19:52 ` [PATCH 08/12] IB/core: IB cache enhancements to support Infiniband security Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
[not found] ` <1466711578-64398-9-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 15:47 ` Yuval Shaia
2016-06-30 15:47 ` Yuval Shaia
2016-06-23 19:52 ` [PATCH 09/12] IB/core: Enforce PKey security on QPs Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
2016-06-23 19:52 ` [PATCH 11/12] IB/core: Enforce Infiniband device SMI security Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
2016-06-23 19:52 ` [PATCH 12/12] IB/core: Implement the Infiniband flush callback Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
2016-06-30 14:43 ` [PATCH 00/12] SELinux support for Infiniband RDMA Yuval Shaia
2016-06-30 14:43 ` Yuval Shaia
2016-06-30 14:47 ` Daniel Jurgens
2016-06-30 14:47 ` Daniel Jurgens
2016-06-29 17:33 ` Paul Moore
2016-06-29 19:09 ` Daniel Jurgens
2016-06-29 19:09 ` Daniel Jurgens
[not found] ` <DB6PR0501MB22611E2BA664DD033571AEDEC4230-wTfl6qNNZ1NK98U9gK7MJ8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-06-30 15:18 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AM4PR0501MB2257ADAB527392547179F779C4240@AM4PR0501MB2257.eurprd05.prod.outlook.com \
--to=danielj-vpraknaxozvwk0htik3j/w@public.gmane.org \
--cc=casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org \
--cc=chrisw-69jw2NvuJkxg9hUCZPvPmw@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org \
--cc=hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org \
--cc=pmoore-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
--cc=sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
--cc=yevgenyp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.