Re: [PATCH v6 0/9] SELinux support for Infiniband RDMA

[Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>]

[-- Attachment #1: Type: text/plain, Size: 2913 bytes --]

On Wed, 2017-01-25 at 02:58 -0500, Paul Moore wrote:
> On Tue, Jan 24, 2017 at 4:40 PM, Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> wrote:
> > 
> > On Tue, 2016-12-13 at 17:17 -0500, Paul Moore wrote:
> > > 
> > > On Tue, Dec 13, 2016 at 11:25 AM, Daniel Jurgens <danielj@mellano
> > > x.co
> > > m> wrote:
> > > > 
> > > > 
> > > > On 12/13/2016 9:01 AM, Stephen Smalley wrote:
> > > > > 
> > > > > 
> > > > > For the LSM/SELinux bits,
> > > > > Acked-by: Stephen Smalley <sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
> > > > > 
> > > > > Note that there will be a merge conflict on classmap.h due to
> > > > > commits in
> > > > > the selinux next branch, but that should be easy to resolve.
> > > > > 
> > > > > We'll need the patches for the selinux userspace and
> > > > > refpolicy.
> > > > 
> > > > Thanks Stephen, I need to rebase the user space and do some
> > > > patch
> > > > breakup.  I'll start on that soon.
> > > 
> > > Sorry, I haven't had a chance to look at v6, but considering all
> > > our
> > > discussions on the previous versions I don't expect any issues
> > > from
> > > me.  I was hoping for some more generic hooks/controls, but that
> > > doesn't look to be possible given the nature of RDMA.  I also
> > > want to
> > > mention again the need for tests; we've talked about this in the
> > > past
> > > and while it isn't possible to run the tests without IB hardware,
> > > I
> > > would like to see us merge tests into the selinux-testsuite so
> > > that
> > > those who do have the required h/w available could run the tests.
> > > 
> > > Assuming we can sort out the SELinux userspace and and tests by
> > > the
> > > end of January, I see no reason why this couldn't go in for
> > > v4.11.
> > 
> > Daniel, can you work with people on the userspace and tests?  I'll
> > pull
> > this into a branch (I assume by Paul's and Stephen's comments that
> > they
> > expect it to go through my tree) ready to go, but hold actually
> > submitting it in the merge window until I've heard more from you
> > all
> > that userspace is ready.
> 
> I don't have a problem pulling this in via the SELinux tree, assuming
> you are okay with that Doug.  I'm just waiting to see tests for the
> selinux-testsuite first.

When I tried to apply the patchset, the conflicts started on the very
first file of the very first patch.  It can go through your tree, but I
suspect there will be lots of conflicts that way as this upcoming
release has been touching the cache area of the IB stack and so does
this code.  There might be significant SELinux conflicts too, I don't
know, but we know there are IB ones so far.

-- 
Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
    GPG KeyID: B826A3330E572FDD
   
Key fingerprint = AE6B 1BDA 122B 23B4 265B  1274 B826 A333 0E57 2FDD

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 819 bytes --]