From: Paul Moore <pmoore-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Cc: "chrisw-69jw2NvuJkxg9hUCZPvPmw@public.gmane.org"
<chrisw-69jw2NvuJkxg9hUCZPvPmw@public.gmane.org>,
"paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org"
<paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org>,
"sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org"
<sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>,
"eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org"
<eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org>,
"dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org"
<dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org"
<sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
"hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org"
<hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
"selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org"
<selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>,
"linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Yevgeny Petrilin
<yevgenyp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Subject: Re: [PATCH 02/12] selinux: Create policydb version for Infiniband support
Date: Thu, 30 Jun 2016 17:37:34 -0400 [thread overview]
Message-ID: <CAGH-Kguca78Ma-VJkOz97ixLHrXDgWQxNURre9tVOh+Qb6C1aQ@mail.gmail.com> (raw)
In-Reply-To: <AM4PR0501MB2257CB8E6F84835315734487C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
On Thu, Jun 30, 2016 at 5:32 PM, Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org> wrote:
> On 6/30/2016 4:18 PM, Paul Moore wrote:
>> On Thu, Jun 30, 2016 at 4:59 PM, Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org> wrote:
>>> On 6/30/2016 3:17 PM, Paul Moore wrote:
>>>> On Thu, Jun 23, 2016 at 3:52 PM, Dan Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org> wrote:
>>>>> From: Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
>>>>>
>>>>> Support for Infiniband requires the addition of two new object contexts,
>>>>> one for infiniband PKeys and another IB End Ports. Added handlers to read
>>>>> and write the new ocontext types when reading or writing a binary policy
>>>>> representation.
>>>>>
>>>>> Signed-off-by: Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
>>>>> Reviewed-by: Eli Cohen <eli-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
>>>>> ---
>>>>> security/selinux/include/security.h | 3 +-
>>>>> security/selinux/ss/policydb.c | 129 +++++++++++++++++++++++++++++++-----
>>>>> security/selinux/ss/policydb.h | 27 +++++---
>>>>> 3 files changed, 135 insertions(+), 24 deletions(-)
...
}
>>>>> + case OCON_IB_END_PORT:
>>>> This is a little bit of bikeshedding, but is there such thing as an IB
>>>> "port" that isn't an *end* "port"? Could we simply use OCON_IB_PORT?
>>> Jason Gunthorpe requested that the name be end_port in the RFC series.
>> His reasoning? Is there a IB port concept that isn't an end port?
> The IB spec defines them as such. I had called them ib_devices previously though so it's possible he would tolerate "port" instead.
Okay, if that is what they are called that's fine with me. Perhaps
just squash the macro to OCON_IB_ENDPORT or similar; all those
underscores are messing with my mental parser.
--
paul moore
security @ redhat
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Paul Moore <pmoore@redhat.com>
To: Daniel Jurgens <danielj@mellanox.com>
Cc: "chrisw@sous-sol.org" <chrisw@sous-sol.org>,
"paul@paul-moore.com" <paul@paul-moore.com>,
"sds@tycho.nsa.gov" <sds@tycho.nsa.gov>,
"eparis@parisplace.org" <eparis@parisplace.org>,
"dledford@redhat.com" <dledford@redhat.com>,
"sean.hefty@intel.com" <sean.hefty@intel.com>,
"hal.rosenstock@gmail.com" <hal.rosenstock@gmail.com>,
"selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
Yevgeny Petrilin <yevgenyp@mellanox.com>
Subject: Re: [PATCH 02/12] selinux: Create policydb version for Infiniband support
Date: Thu, 30 Jun 2016 17:37:34 -0400 [thread overview]
Message-ID: <CAGH-Kguca78Ma-VJkOz97ixLHrXDgWQxNURre9tVOh+Qb6C1aQ@mail.gmail.com> (raw)
In-Reply-To: <AM4PR0501MB2257CB8E6F84835315734487C4240@AM4PR0501MB2257.eurprd05.prod.outlook.com>
On Thu, Jun 30, 2016 at 5:32 PM, Daniel Jurgens <danielj@mellanox.com> wrote:
> On 6/30/2016 4:18 PM, Paul Moore wrote:
>> On Thu, Jun 30, 2016 at 4:59 PM, Daniel Jurgens <danielj@mellanox.com> wrote:
>>> On 6/30/2016 3:17 PM, Paul Moore wrote:
>>>> On Thu, Jun 23, 2016 at 3:52 PM, Dan Jurgens <danielj@mellanox.com> wrote:
>>>>> From: Daniel Jurgens <danielj@mellanox.com>
>>>>>
>>>>> Support for Infiniband requires the addition of two new object contexts,
>>>>> one for infiniband PKeys and another IB End Ports. Added handlers to read
>>>>> and write the new ocontext types when reading or writing a binary policy
>>>>> representation.
>>>>>
>>>>> Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
>>>>> Reviewed-by: Eli Cohen <eli@mellanox.com>
>>>>> ---
>>>>> security/selinux/include/security.h | 3 +-
>>>>> security/selinux/ss/policydb.c | 129 +++++++++++++++++++++++++++++++-----
>>>>> security/selinux/ss/policydb.h | 27 +++++---
>>>>> 3 files changed, 135 insertions(+), 24 deletions(-)
...
}
>>>>> + case OCON_IB_END_PORT:
>>>> This is a little bit of bikeshedding, but is there such thing as an IB
>>>> "port" that isn't an *end* "port"? Could we simply use OCON_IB_PORT?
>>> Jason Gunthorpe requested that the name be end_port in the RFC series.
>> His reasoning? Is there a IB port concept that isn't an end port?
> The IB spec defines them as such. I had called them ib_devices previously though so it's possible he would tolerate "port" instead.
Okay, if that is what they are called that's fine with me. Perhaps
just squash the macro to OCON_IB_ENDPORT or similar; all those
underscores are messing with my mental parser.
--
paul moore
security @ redhat
next prev parent reply other threads:[~2016-06-30 21:37 UTC|newest]
Thread overview: 128+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-23 19:52 [PATCH 00/12] SELinux support for Infiniband RDMA Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
2016-06-23 19:52 ` [PATCH 01/12] security: Add LSM hooks for Infiniband security Dan Jurgens
[not found] ` <1466711578-64398-2-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 14:57 ` Yuval Shaia
2016-06-30 14:57 ` Yuval Shaia
2016-06-30 20:27 ` Paul Moore
2016-06-30 20:27 ` Paul Moore
2016-06-30 21:09 ` Daniel Jurgens
2016-06-30 21:09 ` Daniel Jurgens
2016-06-30 21:27 ` Paul Moore
2016-06-30 21:34 ` Daniel Jurgens
2016-06-30 21:34 ` Daniel Jurgens
2016-06-30 20:33 ` Paul Moore
2016-06-30 20:33 ` Paul Moore
2016-06-30 21:27 ` Daniel Jurgens
2016-06-30 21:27 ` Daniel Jurgens
[not found] ` <AM4PR0501MB2257674DEA1F81F53A35AC21C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-06-30 21:30 ` Paul Moore
2016-06-30 21:30 ` Paul Moore
2016-06-23 19:52 ` [PATCH 02/12] selinux: Create policydb version for Infiniband support Dan Jurgens
[not found] ` <1466711578-64398-3-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 15:01 ` Yuval Shaia
2016-06-30 15:01 ` Yuval Shaia
[not found] ` <20160630150140.GB22107-Hxa29pjIrETlQW142y8m19+IiqhCXseY@public.gmane.org>
2016-07-01 12:50 ` Leon Romanovsky
2016-07-01 12:50 ` Leon Romanovsky
2016-07-01 13:49 ` Daniel Jurgens
2016-07-01 13:49 ` Daniel Jurgens
[not found] ` <DB6PR0501MB2261C7D467873122250A1F3EC4250-wTfl6qNNZ1NK98U9gK7MJ8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-07-01 20:48 ` Leon Romanovsky
2016-07-01 20:48 ` Leon Romanovsky
2016-06-30 20:17 ` Paul Moore
2016-06-30 20:17 ` Paul Moore
2016-06-30 20:59 ` Daniel Jurgens
2016-06-30 20:59 ` Daniel Jurgens
[not found] ` <AM4PR0501MB22579221434714783B0AFC68C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-06-30 21:18 ` Paul Moore
2016-06-30 21:18 ` Paul Moore
2016-06-30 21:32 ` Daniel Jurgens
2016-06-30 21:32 ` Daniel Jurgens
[not found] ` <AM4PR0501MB2257CB8E6F84835315734487C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-06-30 21:37 ` Paul Moore [this message]
2016-06-30 21:37 ` Paul Moore
2016-06-23 19:52 ` [PATCH 10/12] IB/core: Enforce PKey security on management datagrams Dan Jurgens
[not found] ` <1466711578-64398-1-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-23 19:52 ` [PATCH 03/12] selinux: Implement Infiniband flush callback Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
[not found] ` <1466711578-64398-4-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 15:10 ` Yuval Shaia
2016-06-30 15:10 ` Yuval Shaia
2016-06-30 15:44 ` Daniel Jurgens
2016-06-30 15:44 ` Daniel Jurgens
[not found] ` <AM4PR0501MB22578AA5FF8B4062F650C581C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-06-30 19:52 ` Paul Moore
2016-06-30 19:52 ` Paul Moore
[not found] ` <CAGH-Kgtn0EFxYc+UOvVQk-0Bco0oOG=STZA+aGYza4TmbNXq3A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-06-30 20:16 ` Casey Schaufler
2016-06-30 20:16 ` Casey Schaufler
[not found] ` <13cf2b8b-1d4e-e61f-80fe-110af2a719cf-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2016-06-30 20:24 ` Paul Moore
2016-06-30 20:24 ` Paul Moore
2016-06-30 20:39 ` Daniel Jurgens
2016-06-30 20:39 ` Daniel Jurgens
2016-06-23 19:52 ` [PATCH 04/12] selinux: Allocate and free infiniband security hooks Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
[not found] ` <1466711578-64398-5-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 15:15 ` Yuval Shaia
2016-06-30 15:15 ` Yuval Shaia
2016-06-30 20:42 ` Paul Moore
2016-06-30 20:42 ` Paul Moore
[not found] ` <CAGH-KgvtN8T7e5bKq0jJZvSzrGfFwA2VpmPf5gJuqdLZi6odEw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-06-30 21:06 ` Casey Schaufler
2016-06-30 21:06 ` Casey Schaufler
2016-06-30 21:48 ` Daniel Jurgens
2016-06-30 21:48 ` Daniel Jurgens
[not found] ` <AM4PR0501MB2257ADAB527392547179F779C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-07-01 18:54 ` Paul Moore
2016-07-01 18:54 ` Paul Moore
2016-07-01 18:59 ` Daniel Jurgens
2016-07-01 18:59 ` Daniel Jurgens
2016-07-01 19:17 ` Paul Moore
2016-07-01 20:13 ` Casey Schaufler
2016-07-01 20:46 ` Daniel Jurgens
2016-07-01 20:46 ` Daniel Jurgens
[not found] ` <DB6PR0501MB226138FF74D031F6BD1C48C6C4250-wTfl6qNNZ1NK98U9gK7MJ8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-07-01 21:16 ` Casey Schaufler
2016-07-01 21:16 ` Casey Schaufler
2016-07-01 22:15 ` Paul Moore
2016-06-23 19:52 ` [PATCH 05/12] selinux: Implement Infiniband PKey "Access" access vector Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
[not found] ` <1466711578-64398-6-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 15:23 ` Yuval Shaia
2016-06-30 15:23 ` Yuval Shaia
2016-06-30 15:35 ` Daniel Jurgens
2016-06-30 15:35 ` Daniel Jurgens
2016-07-01 16:29 ` Paul Moore
2016-07-01 16:29 ` Paul Moore
2016-07-01 18:21 ` Daniel Jurgens
2016-07-01 18:21 ` Daniel Jurgens
2016-07-01 18:58 ` Paul Moore
2016-07-01 19:16 ` Daniel Jurgens
2016-07-01 19:16 ` Daniel Jurgens
[not found] ` <DB6PR0501MB22614C80007D7408544B4B30C4250-wTfl6qNNZ1NK98U9gK7MJ8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-07-01 19:26 ` Paul Moore
2016-07-01 19:26 ` Paul Moore
2016-07-01 19:57 ` Daniel Jurgens
2016-07-01 19:57 ` Daniel Jurgens
[not found] ` <DB6PR0501MB2261C903AB4CE9644604B9E8C4250-wTfl6qNNZ1NK98U9gK7MJ8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-07-01 20:42 ` Paul Moore
2016-07-01 20:42 ` Paul Moore
2016-07-11 14:46 ` Stephen Smalley
2016-07-11 19:03 ` Daniel Jurgens
2016-07-11 19:03 ` Daniel Jurgens
[not found] ` <1c637b46-7352-b369-4891-4b695ff80b3b-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
2016-07-12 20:28 ` Paul Moore
2016-07-12 20:28 ` Paul Moore
2016-06-23 19:52 ` [PATCH 06/12] selinux: Add IB End Port SMP " Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
2016-06-30 15:31 ` Yuval Shaia
[not found] ` <1466711578-64398-7-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-07-01 18:48 ` Paul Moore
2016-07-01 18:48 ` Paul Moore
2016-06-23 19:52 ` [PATCH 07/12] selinux: Add a cache for quicker retreival of PKey SIDs Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
[not found] ` <1466711578-64398-8-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-23 21:59 ` kbuild test robot
2016-06-23 21:59 ` kbuild test robot
2016-06-30 15:41 ` Yuval Shaia
2016-06-30 15:41 ` Yuval Shaia
2016-07-01 18:51 ` Paul Moore
2016-07-01 18:51 ` Paul Moore
2016-06-23 19:52 ` [PATCH 08/12] IB/core: IB cache enhancements to support Infiniband security Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
[not found] ` <1466711578-64398-9-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 15:47 ` Yuval Shaia
2016-06-30 15:47 ` Yuval Shaia
2016-06-23 19:52 ` [PATCH 09/12] IB/core: Enforce PKey security on QPs Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
2016-06-23 19:52 ` [PATCH 11/12] IB/core: Enforce Infiniband device SMI security Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
2016-06-23 19:52 ` [PATCH 12/12] IB/core: Implement the Infiniband flush callback Dan Jurgens
2016-06-23 19:52 ` Dan Jurgens
2016-06-30 14:43 ` [PATCH 00/12] SELinux support for Infiniband RDMA Yuval Shaia
2016-06-30 14:43 ` Yuval Shaia
2016-06-30 14:47 ` Daniel Jurgens
2016-06-30 14:47 ` Daniel Jurgens
2016-06-29 17:33 ` Paul Moore
2016-06-29 19:09 ` Daniel Jurgens
2016-06-29 19:09 ` Daniel Jurgens
[not found] ` <DB6PR0501MB22611E2BA664DD033571AEDEC4230-wTfl6qNNZ1NK98U9gK7MJ8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-06-30 15:18 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGH-Kguca78Ma-VJkOz97ixLHrXDgWQxNURre9tVOh+Qb6C1aQ@mail.gmail.com \
--to=pmoore-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=chrisw-69jw2NvuJkxg9hUCZPvPmw@public.gmane.org \
--cc=danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org \
--cc=hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org \
--cc=sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
--cc=sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
--cc=yevgenyp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.