Re: [PATCH v6 0/9] SELinux support for Infiniband RDMA

public inbox for linux-rdma@vger.kernel.org
 help / color / mirror / Atom feed

From: Doug Ledford <dledford@redhat.com>
To: Paul Moore <paul@paul-moore.com>, Daniel Jurgens <danielj@mellanox.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
	"chrisw@sous-sol.org" <chrisw@sous-sol.org>,
	"eparis@parisplace.org" <eparis@parisplace.org>,
	"sean.hefty@intel.com" <sean.hefty@intel.com>,
	"hal.rosenstock@gmail.com" <hal.rosenstock@gmail.com>,
	"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
	"linux-security-module@vger.kernel.org"
	<linux-security-module@vger.kernel.org>,
	"selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>
Subject: Re: [PATCH v6 0/9] SELinux support for Infiniband RDMA
Date: Tue, 24 Jan 2017 16:40:15 -0500	[thread overview]
Message-ID: <1485294015.43764.91.camel@redhat.com> (raw)
In-Reply-To: <CAHC9VhTdntem1hK0arEo4p1MWPH5sjzDN0yG_=1S7ui=C4i8Yg@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 1839 bytes --]

On Tue, 2016-12-13 at 17:17 -0500, Paul Moore wrote:
> On Tue, Dec 13, 2016 at 11:25 AM, Daniel Jurgens <danielj@mellanox.co
> m> wrote:
> > 
> > On 12/13/2016 9:01 AM, Stephen Smalley wrote:
> > > 
> > > For the LSM/SELinux bits,
> > > Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
> > > 
> > > Note that there will be a merge conflict on classmap.h due to
> > > commits in
> > > the selinux next branch, but that should be easy to resolve.
> > > 
> > > We'll need the patches for the selinux userspace and refpolicy.
> > 
> > Thanks Stephen, I need to rebase the user space and do some patch
> > breakup.  I'll start on that soon.
> 
> Sorry, I haven't had a chance to look at v6, but considering all our
> discussions on the previous versions I don't expect any issues from
> me.  I was hoping for some more generic hooks/controls, but that
> doesn't look to be possible given the nature of RDMA.  I also want to
> mention again the need for tests; we've talked about this in the past
> and while it isn't possible to run the tests without IB hardware, I
> would like to see us merge tests into the selinux-testsuite so that
> those who do have the required h/w available could run the tests.
> 
> Assuming we can sort out the SELinux userspace and and tests by the
> end of January, I see no reason why this couldn't go in for v4.11.

Daniel, can you work with people on the userspace and tests?  I'll pull
this into a branch (I assume by Paul's and Stephen's comments that they
expect it to go through my tree) ready to go, but hold actually
submitting it in the merge window until I've heard more from you all
that userspace is ready.

-- 
Doug Ledford <dledford@redhat.com>
    GPG KeyID: B826A3330E572FDD
   
Key fingerprint = AE6B 1BDA 122B 23B4 265B  1274 B826 A333 0E57 2FDD

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

next prev parent reply	other threads:[~2017-01-24 21:40 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-11-23 14:17 [PATCH v6 0/9] SELinux support for Infiniband RDMA Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 2/9] IB/core: Enforce PKey security on QPs Dan Jurgens
     [not found] ` <1479910651-43246-1-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-11-23 14:17   ` [PATCH v6 1/9] IB/core: IB cache enhancements to support Infiniband security Dan Jurgens
2016-11-23 14:17   ` [PATCH v6 3/9] selinux lsm IB/core: Implement LSM notification system Dan Jurgens
     [not found]     ` <1479910651-43246-4-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-12-13 14:29       ` Stephen Smalley
2016-12-13 14:38         ` Daniel Jurgens
2016-11-23 14:17   ` [PATCH v6 7/9] selinux: Implement Infiniband PKey "Access" access vector Dan Jurgens
2016-12-12 21:38   ` [PATCH v6 0/9] SELinux support for Infiniband RDMA Doug Ledford
2016-12-13 15:04   ` Stephen Smalley
2016-12-13 16:25     ` Daniel Jurgens
2016-12-13 22:17       ` Paul Moore
2017-01-24 21:40         ` Doug Ledford [this message]
     [not found]           ` <1485294015.43764.91.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-01-24 21:45             ` Doug Ledford
2017-01-24 22:40               ` Daniel Jurgens
     [not found]                 ` <VI1PR0501MB242933AC0EC458EAD2792560C4750-o1MPJYiShEyB6Z+oivrBG8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2017-01-25  3:08                   ` Doug Ledford
2017-01-25  7:58             ` Paul Moore
     [not found]               ` <CAHC9VhTfuftm1oyiBOa4Fx4L-12eX8MCySiS1H98yroCuuoieA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-01-25 17:25                 ` Doug Ledford
     [not found]                   ` <1485365121.2432.6.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-01-25 22:14                     ` Paul Moore
2017-05-03 14:41   ` Paul Moore
2017-05-03 19:45     ` Daniel Jurgens
2017-05-04 15:51       ` Paul Moore
2017-05-17 21:23         ` Paul Moore
2016-11-23 14:17 ` [PATCH v6 4/9] IB/core: Enforce security on management datagrams Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 5/9] selinux: Create policydb version for Infiniband support Dan Jurgens
     [not found]   ` <1479910651-43246-6-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-12-13 14:38     ` Stephen Smalley
2016-12-13 14:40       ` Daniel Jurgens
2016-11-23 14:17 ` [PATCH v6 6/9] selinux: Allocate and free infiniband security hooks Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 8/9] selinux: Add IB Port SMP access vector Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 9/9] selinux: Add a cache for quicker retreival of PKey SIDs Dan Jurgens

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1485294015.43764.91.camel@redhat.com \
    --to=dledford@redhat.com \
    --cc=chrisw@sous-sol.org \
    --cc=danielj@mellanox.com \
    --cc=eparis@parisplace.org \
    --cc=hal.rosenstock@gmail.com \
    --cc=linux-rdma@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=sds@tycho.nsa.gov \
    --cc=sean.hefty@intel.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox