From mboxrd@z Thu Jan 1 00:00:00 1970 From: Paul Moore Subject: Re: [PATCH v7 0/9] SELinux support for Infiniband RDMA Date: Mon, 22 May 2017 15:14:02 -0400 Message-ID: References: <1495198139-69993-1-git-send-email-danielj@mellanox.com> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Return-path: In-Reply-To: Sender: linux-rdma-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: James Morris , Dan Jurgens Cc: chrisw-69jw2NvuJkxg9hUCZPvPmw@public.gmane.org, Stephen Smalley , Eric Paris , dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org, hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org, selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org, linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, yevgenyp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org List-Id: linux-rdma@vger.kernel.org On Sun, May 21, 2017 at 8:35 PM, James Morris wrote: > On Fri, 19 May 2017, Dan Jurgens wrote: > >> From: Daniel Jurgens > > What kind of testing has this code had? It's relatively complex and as a > security feature, it especially needs to be well-tested. Check the relevant threads on the SELinux list as well as Daniel's response. Aside from the usual developer unit testing, we've gone through multiple rounds of reviews and have gotten ACKs from the IB folks. Daniel is currently working on adding tests to the selinux-testsuite (see the SELinux list for the patches) and I merged this to the selinux/next branch last week so we could get as much exposure as possible before the next merge window (linux-next has already caught two things). I did let Daniel know that inclusion in the next pull request is contingent on the tests being in place (as well as the userspace, policy, etc.). I think we are in a good spot right now with this patchset, especially considering we are only at -rc2 and still have several weeks before the next merge window opens. -- paul moore www.paul-moore.com -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v4MJE8UU029813 for ; Mon, 22 May 2017 15:14:08 -0400 Received: by mail-lf0-f67.google.com with SMTP id h4so6224497lfj.3 for ; Mon, 22 May 2017 12:14:05 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <1495198139-69993-1-git-send-email-danielj@mellanox.com> From: Paul Moore Date: Mon, 22 May 2017 15:14:02 -0400 Message-ID: Subject: Re: [PATCH v7 0/9] SELinux support for Infiniband RDMA To: James Morris , Dan Jurgens Cc: chrisw@sous-sol.org, Stephen Smalley , Eric Paris , dledford@redhat.com, sean.hefty@intel.com, hal.rosenstock@gmail.com, selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org, linux-rdma@vger.kernel.org, yevgenyp@mellanox.com Content-Type: text/plain; charset="UTF-8" List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: On Sun, May 21, 2017 at 8:35 PM, James Morris wrote: > On Fri, 19 May 2017, Dan Jurgens wrote: > >> From: Daniel Jurgens > > What kind of testing has this code had? It's relatively complex and as a > security feature, it especially needs to be well-tested. Check the relevant threads on the SELinux list as well as Daniel's response. Aside from the usual developer unit testing, we've gone through multiple rounds of reviews and have gotten ACKs from the IB folks. Daniel is currently working on adding tests to the selinux-testsuite (see the SELinux list for the patches) and I merged this to the selinux/next branch last week so we could get as much exposure as possible before the next merge window (linux-next has already caught two things). I did let Daniel know that inclusion in the next pull request is contingent on the tests being in place (as well as the userspace, policy, etc.). I think we are in a good spot right now with this patchset, especially considering we are only at -rc2 and still have several weeks before the next merge window opens. -- paul moore www.paul-moore.com From mboxrd@z Thu Jan 1 00:00:00 1970 From: paul@paul-moore.com (Paul Moore) Date: Mon, 22 May 2017 15:14:02 -0400 Subject: [PATCH v7 0/9] SELinux support for Infiniband RDMA In-Reply-To: References: <1495198139-69993-1-git-send-email-danielj@mellanox.com> Message-ID: To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org On Sun, May 21, 2017 at 8:35 PM, James Morris wrote: > On Fri, 19 May 2017, Dan Jurgens wrote: > >> From: Daniel Jurgens > > What kind of testing has this code had? It's relatively complex and as a > security feature, it especially needs to be well-tested. Check the relevant threads on the SELinux list as well as Daniel's response. Aside from the usual developer unit testing, we've gone through multiple rounds of reviews and have gotten ACKs from the IB folks. Daniel is currently working on adding tests to the selinux-testsuite (see the SELinux list for the patches) and I merged this to the selinux/next branch last week so we could get as much exposure as possible before the next merge window (linux-next has already caught two things). I did let Daniel know that inclusion in the next pull request is contingent on the tests being in place (as well as the userspace, policy, etc.). I think we are in a good spot right now with this patchset, especially considering we are only at -rc2 and still have several weeks before the next merge window opens. -- paul moore www.paul-moore.com -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html