From: Yuval Shaia <yuval.shaia-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
To: Dan Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Cc: chrisw-69jw2NvuJkxg9hUCZPvPmw@public.gmane.org,
paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org,
sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org,
eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org,
dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org,
linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
yevgenyp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org
Subject: Re: [PATCH 01/12] security: Add LSM hooks for Infiniband security
Date: Thu, 30 Jun 2016 17:57:58 +0300 [thread overview]
Message-ID: <20160630145754.GA22107@yuval-lap.uk.oracle.com> (raw)
In-Reply-To: <1466711578-64398-2-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
On Thu, Jun 23, 2016 at 10:52:47PM +0300, Dan Jurgens wrote:
> From: Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
>
> Add nine new hooks
> 1. Allocate security contexts for Infiniband QPs.
> 2. Free security contexts for Infiniband QPs.
> 3. Allocate security contexts for Infiniband MAD agents.
> 4. Free security contexts for Infiniband MAD agents.
> 5. Enforce QP access to Pkeys
> 6. Enforce MAD agent access to Pkeys
> 7. Enforce MAD agent access to Infiniband End Ports for sending Subnet
> Management Packets (SMP)
> 8. A hook to register a callback to receive notifications of
> security policy or enforcement changes. Restricting a QPs access to
> a pkey will be done during setup and not on a per packet basis
> access must be enforced again.
> 9. A hook to unregister the callback.
>
> Signed-off-by: Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
> Reviewed-by: Eli Cohen <eli-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
> ---
> include/linux/lsm_hooks.h | 71 ++++++++++++++++++++++++++++++++++++++++
> include/linux/security.h | 63 +++++++++++++++++++++++++++++++++++
> include/rdma/ib_verbs.h | 4 +++
> security/Kconfig | 9 +++++
> security/security.c | 83 +++++++++++++++++++++++++++++++++++++++++++++++
> 5 files changed, 230 insertions(+)
>
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 7ae3976..6b47c8d 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -8,6 +8,7 @@
> * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
> * Copyright (C) 2015 Intel Corporation.
> * Copyright (C) 2015 Casey Schaufler <casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
> + * Copyright (C) 2016 Mellanox Techonologies
> *
> * This program is free software; you can redistribute it and/or modify
> * it under the terms of the GNU General Public License as published by
> @@ -876,6 +877,50 @@
> * associated with the TUN device's security structure.
> * @security pointer to the TUN devices's security structure.
> *
> + * Security hooks for Infiniband
> + *
> + * @ib_qp_pkey_access:
> + * Check permission to access a pkey when modifing a QP.
> + * @subnet_prefix the subnet prefix of the port being used.
> + * @pkey the pkey to be accessed.
> + * @qp_sec pointer to the ib_qp_security structure.
> + * @ib_mad_agent_pkey_access:
> + * Check permission to access a pkey when transmiting and receiving MADS.
> + * @subnet_prefix the subnet prefix of the port being used.
> + * @pkey the pkey to be accessed.
> + * @mad_agent pointer to the ib_mad_agent structure.
> + * @ib_end_port_smp:
> + * Check permissions to send and receive SMPs on a end port.
> + * @dev_name the IB device name (i.e. mlx4_0).
> + * @port_num the port number.
> + * @mad_agent pointer to the ib_mad_agent structure.
> + * @ib_qp_alloc_security:
> + * Allocate and attach a security structure to the qp_sec->q_security
> + * field. The q_security field is initialized to NULL when the structure
> + * is allocated. A separate QP security structure is used instead of the
> + * QP structure because when a QP is destroyed the memory is freed by the
> + * hardware driver. That operation can fail so the security info must be
> + * maintained until the destroy completes successfully.
> + * @qp_sec contains the ib_qp_security structure to be modified.
> + * Return 0 if operation was successful.
> + * @ib_mad_agent_alloc_security:
> + * Allocate and attach a security structure to the mad_agent->m_security
> + * field. The m_security field is initialized to NULL when the structure
> + * is allocated.
> + * @mad_agent contains the ib_mad_agent structure to be modified.
> + * Return 0 if operation was successful.
> + * @ib_qp_free_security:
> + * Deallocate and clear the qp_sec->q_security field.
> + * @qp_sec contains the ib_qp_security structure to be modified.
> + * @ib_mad_agent_free_security:
> + * Deallocate and clear the mad_agent->m_security field.
> + * @mad_agent contains the ib_mad_agent structure to be modified.
> + * @register_ib_flush_callback:
> + * Provide a way for security modules to notify ib_core of policy changes.
> + * @callback function pointer to call when policy changes.
> + * @unregister_ib_flush_callback:
> + * Unregister the callback function.
> + *
> * Security hooks for XFRM operations.
> *
> * @xfrm_policy_alloc_security:
> @@ -1579,6 +1624,21 @@ union security_list_options {
> int (*tun_dev_open)(void *security);
> #endif /* CONFIG_SECURITY_NETWORK */
>
> +#ifdef CONFIG_SECURITY_INFINIBAND
> + int (*ib_qp_pkey_access)(u64 subnet_prefix, u16 pkey,
> + struct ib_qp_security *qp_sec);
> + int (*ib_mad_agent_pkey_access)(u64 subnet_prefix, u16 pkey,
> + struct ib_mad_agent *mad_agent);
> + int (*ib_end_port_smp)(const char *dev_name, u8 port,
> + struct ib_mad_agent *mad_agent);
> + int (*ib_qp_alloc_security)(struct ib_qp_security *qp_sec);
> + int (*ib_mad_agent_alloc_security)(struct ib_mad_agent *mad_agent);
> + void (*ib_qp_free_security)(struct ib_qp_security *qp_sec);
> + void (*ib_mad_agent_free_security)(struct ib_mad_agent *mad_agent);
> + void (*register_ib_flush_callback)(void (*callback)(void));
> + void (*unregister_ib_flush_callback)(void);
> +#endif /* CONFIG_SECURITY_INFINIBAND */
> +
> #ifdef CONFIG_SECURITY_NETWORK_XFRM
> int (*xfrm_policy_alloc_security)(struct xfrm_sec_ctx **ctxp,
> struct xfrm_user_sec_ctx *sec_ctx,
> @@ -1806,6 +1866,17 @@ struct security_hook_heads {
> struct list_head tun_dev_attach;
> struct list_head tun_dev_open;
> #endif /* CONFIG_SECURITY_NETWORK */
> +#ifdef CONFIG_SECURITY_INFINIBAND
> + struct list_head ib_qp_pkey_access;
> + struct list_head ib_mad_agent_pkey_access;
> + struct list_head ib_end_port_smp;
> + struct list_head ib_qp_alloc_security;
> + struct list_head ib_qp_free_security;
> + struct list_head ib_mad_agent_alloc_security;
> + struct list_head ib_mad_agent_free_security;
> + struct list_head register_ib_flush_callback;
> + struct list_head unregister_ib_flush_callback;
> +#endif /* CONFIG_SECURITY_INFINIBAND */
> #ifdef CONFIG_SECURITY_NETWORK_XFRM
> struct list_head xfrm_policy_alloc_security;
> struct list_head xfrm_policy_clone_security;
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 14df373..a75d3e6 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -6,6 +6,7 @@
> * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley-M06CiZnz2FM@public.gmane.org>
> * Copyright (C) 2001 James Morris <jmorris-G2x6lROWQUcJY7gZg3T8ig@public.gmane.org>
> * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
> + * Copyright (C) 2016 Mellanox Techonologies
> *
> * This program is free software; you can redistribute it and/or modify
> * it under the terms of the GNU General Public License as published by
> @@ -55,6 +56,8 @@ struct msg_queue;
> struct xattr;
> struct xfrm_sec_ctx;
> struct mm_struct;
> +struct ib_qp_security;
> +struct ib_mad_agent;
>
> /* If capable should audit the security request */
> #define SECURITY_CAP_NOAUDIT 0
> @@ -1370,6 +1373,66 @@ static inline int security_tun_dev_open(void *security)
> }
> #endif /* CONFIG_SECURITY_NETWORK */
>
> +#ifdef CONFIG_SECURITY_INFINIBAND
> +int security_ib_qp_pkey_access(u64 subnet_prefix, u16 pkey,
> + struct ib_qp_security *qp_sec);
> +int security_ib_mad_agent_pkey_access(u64 subnet_prefix, u16 pkey,
> + struct ib_mad_agent *mad_agent);
> +int security_ib_end_port_smp(const char *name, u8 port,
> + struct ib_mad_agent *mad_agent);
> +int security_ib_qp_alloc_security(struct ib_qp_security *qp_sec);
> +void security_ib_qp_free_security(struct ib_qp_security *qp_sec);
> +int security_ib_mad_agent_alloc_security(struct ib_mad_agent *mad_agent);
> +void security_ib_mad_agent_free_security(struct ib_mad_agent *mad_agent);
> +void security_register_ib_flush_callback(void (*callback)(void));
> +void security_unregister_ib_flush_callback(void);
> +#else /* CONFIG_SECURITY_INFINIBAND */
> +static inline int security_ib_qp_pkey_access(u64 subnet_prefix, u16 pkey,
> + struct ib_qp_security *qp_sec)
> +{
> + return 0;
> +}
> +
> +static inline int security_ib_mad_agent_pkey_access(u64 subnet_prefix,
> + u16 pkey,
> + struct ib_mad_agent *mad_agent)
> +{
> + return 0;
> +}
> +
> +static inline int security_ib_end_port_smp(const char *dev_name, u8 port,
> + struct ib_mad_agent *mad_agent)
> +{
> + return 0;
> +}
> +
> +static inline int security_ib_qp_alloc_security(struct ib_qp_security *qp_sec)
> +{
> + return 0;
> +}
> +
> +static inline void security_ib_qp_free_security(struct ib_qp_security *qp_sec)
> +{
> +}
> +
> +static inline int security_ib_mad_agent_alloc_security(struct ib_mad_agent *mad_agent)
More than 80 characters
> +{
> + return 0;
> +}
> +
> +static inline void security_ib_mad_agent_free_security(struct ib_mad_agent *mad_agent)
More than 80 characters
> +{
> +}
> +
> +static inline void security_register_ib_flush_callback(void (*callback)(void))
> +{
> +}
> +
> +static inline void security_unregister_ib_flush_callback(void)
> +{
> +}
> +#endif /* CONFIG_SECURITY_INFINIBAND */
> +
> #ifdef CONFIG_SECURITY_NETWORK_XFRM
>
> int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
> diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h
> index 432bed5..3f6780b 100644
> --- a/include/rdma/ib_verbs.h
> +++ b/include/rdma/ib_verbs.h
> @@ -1428,6 +1428,10 @@ struct ib_srq {
> } ext;
> };
>
> +struct ib_qp_security {
> + void *q_security;
> +};
> +
> struct ib_qp {
> struct ib_device *device;
> struct ib_pd *pd;
> diff --git a/security/Kconfig b/security/Kconfig
> index 176758c..ce965c6 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -49,6 +49,15 @@ config SECURITY_NETWORK
> implement socket and networking access controls.
> If you are unsure how to answer this question, answer N.
>
> +config SECURITY_INFINIBAND
> + bool "Infiniband Security Hooks"
> + depends on SECURITY && INFINIBAND
> + help
> + This enables the Infiniband security hooks.
> + If enabled, a security module can use these hooks to
> + implement Infiniband access controls.
> + If you are unsure how to answer this question, answer N.
> +
> config SECURITY_NETWORK_XFRM
> bool "XFRM (IPSec) Networking Security Hooks"
> depends on XFRM && SECURITY_NETWORK
> diff --git a/security/security.c b/security/security.c
> index 7095693..d75a0e9 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -4,6 +4,7 @@
> * Copyright (C) 2001 WireX Communications, Inc <chris-ZMHXrckZAt0AvxtiuMwx3w@public.gmane.org>
> * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
> * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley-M06CiZnz2FM@public.gmane.org>
> + * Copyright (C) 2016 Mellanox Technologies
> *
> * This program is free software; you can redistribute it and/or modify
> * it under the terms of the GNU General Public License as published by
> @@ -1399,6 +1400,67 @@ EXPORT_SYMBOL(security_tun_dev_open);
>
> #endif /* CONFIG_SECURITY_NETWORK */
>
> +#ifdef CONFIG_SECURITY_INFINIBAND
> +
> +int security_ib_qp_pkey_access(u64 subnet_prefix, u16 pkey,
> + struct ib_qp_security *qp_sec)
> +{
> + return call_int_hook(ib_qp_pkey_access, 0, subnet_prefix, pkey, qp_sec);
> +}
> +EXPORT_SYMBOL(security_ib_qp_pkey_access);
> +
> +int security_ib_mad_agent_pkey_access(u64 subnet_prefix, u16 pkey,
> + struct ib_mad_agent *mad_agent)
> +{
> + return call_int_hook(ib_mad_agent_pkey_access, 0, subnet_prefix, pkey, mad_agent);
More than 80 characters
> +}
> +EXPORT_SYMBOL(security_ib_mad_agent_pkey_access);
> +
> +int security_ib_end_port_smp(const char *dev_name, u8 port,
> + struct ib_mad_agent *mad_agent)
> +{
> + return call_int_hook(ib_end_port_smp, 0, dev_name, port, mad_agent);
> +}
> +EXPORT_SYMBOL(security_ib_end_port_smp);
> +
> +int security_ib_qp_alloc_security(struct ib_qp_security *qp_sec)
> +{
> + return call_int_hook(ib_qp_alloc_security, 0, qp_sec);
> +}
> +EXPORT_SYMBOL(security_ib_qp_alloc_security);
> +
> +void security_ib_qp_free_security(struct ib_qp_security *qp_sec)
> +{
> + call_void_hook(ib_qp_free_security, qp_sec);
> +}
> +EXPORT_SYMBOL(security_ib_qp_free_security);
> +
> +int security_ib_mad_agent_alloc_security(struct ib_mad_agent *mad_agent)
> +{
> + return call_int_hook(ib_mad_agent_alloc_security, 0, mad_agent);
> +}
> +EXPORT_SYMBOL(security_ib_mad_agent_alloc_security);
> +
> +void security_ib_mad_agent_free_security(struct ib_mad_agent *mad_agent)
> +{
> + call_void_hook(ib_mad_agent_free_security, mad_agent);
> +}
> +EXPORT_SYMBOL(security_ib_mad_agent_free_security);
> +
> +void security_register_ib_flush_callback(void (*callback)(void))
> +{
> + call_void_hook(register_ib_flush_callback, callback);
> +}
> +EXPORT_SYMBOL(security_register_ib_flush_callback);
> +
> +void security_unregister_ib_flush_callback(void)
> +{
> + call_void_hook(unregister_ib_flush_callback);
> +}
> +EXPORT_SYMBOL(security_unregister_ib_flush_callback);
> +
> +#endif /* CONFIG_SECURITY_INFINIBAND */
> +
> #ifdef CONFIG_SECURITY_NETWORK_XFRM
>
> int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
> @@ -1850,6 +1912,27 @@ struct security_hook_heads security_hook_heads = {
> LIST_HEAD_INIT(security_hook_heads.tun_dev_attach),
> .tun_dev_open = LIST_HEAD_INIT(security_hook_heads.tun_dev_open),
> #endif /* CONFIG_SECURITY_NETWORK */
> +
> +#ifdef CONFIG_SECURITY_INFINIBAND
> + .ib_qp_pkey_access =
> + LIST_HEAD_INIT(security_hook_heads.ib_qp_pkey_access),
> + .ib_mad_agent_pkey_access =
> + LIST_HEAD_INIT(security_hook_heads.ib_mad_agent_pkey_access),
> + .ib_end_port_smp = LIST_HEAD_INIT(security_hook_heads.ib_end_port_smp),
> + .ib_qp_alloc_security =
> + LIST_HEAD_INIT(security_hook_heads.ib_qp_alloc_security),
> + .ib_qp_free_security =
> + LIST_HEAD_INIT(security_hook_heads.ib_qp_free_security),
> + .ib_mad_agent_alloc_security =
> + LIST_HEAD_INIT(security_hook_heads.ib_mad_agent_alloc_security),
> + .ib_mad_agent_free_security =
> + LIST_HEAD_INIT(security_hook_heads.ib_mad_agent_free_security),
> + .register_ib_flush_callback =
> + LIST_HEAD_INIT(security_hook_heads.register_ib_flush_callback),
> + .unregister_ib_flush_callback =
> + LIST_HEAD_INIT(security_hook_heads.unregister_ib_flush_callback),
> +#endif /* CONFIG_SECURITY_INFINIBAND */
> +
> #ifdef CONFIG_SECURITY_NETWORK_XFRM
> .xfrm_policy_alloc_security =
> LIST_HEAD_INIT(security_hook_heads.xfrm_policy_alloc_security),
> --
> 1.8.3.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2016-06-30 14:57 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-23 19:52 [PATCH 00/12] SELinux support for Infiniband RDMA Dan Jurgens
2016-06-23 19:52 ` [PATCH 01/12] security: Add LSM hooks for Infiniband security Dan Jurgens
[not found] ` <1466711578-64398-2-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 14:57 ` Yuval Shaia [this message]
2016-06-30 20:27 ` Paul Moore
2016-06-30 21:09 ` Daniel Jurgens
2016-06-30 21:27 ` Paul Moore
2016-06-30 21:34 ` Daniel Jurgens
2016-06-30 20:33 ` Paul Moore
2016-06-30 21:27 ` Daniel Jurgens
[not found] ` <AM4PR0501MB2257674DEA1F81F53A35AC21C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-06-30 21:30 ` Paul Moore
2016-06-23 19:52 ` [PATCH 02/12] selinux: Create policydb version for Infiniband support Dan Jurgens
[not found] ` <1466711578-64398-3-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 15:01 ` Yuval Shaia
[not found] ` <20160630150140.GB22107-Hxa29pjIrETlQW142y8m19+IiqhCXseY@public.gmane.org>
2016-07-01 12:50 ` Leon Romanovsky
2016-07-01 13:49 ` Daniel Jurgens
[not found] ` <DB6PR0501MB2261C7D467873122250A1F3EC4250-wTfl6qNNZ1NK98U9gK7MJ8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-07-01 20:48 ` Leon Romanovsky
2016-06-30 20:17 ` Paul Moore
2016-06-30 20:59 ` Daniel Jurgens
[not found] ` <AM4PR0501MB22579221434714783B0AFC68C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-06-30 21:18 ` Paul Moore
2016-06-30 21:32 ` Daniel Jurgens
[not found] ` <AM4PR0501MB2257CB8E6F84835315734487C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-06-30 21:37 ` Paul Moore
2016-06-23 19:52 ` [PATCH 10/12] IB/core: Enforce PKey security on management datagrams Dan Jurgens
2016-06-29 17:33 ` [PATCH 00/12] SELinux support for Infiniband RDMA Paul Moore
2016-06-29 19:09 ` Daniel Jurgens
[not found] ` <DB6PR0501MB22611E2BA664DD033571AEDEC4230-wTfl6qNNZ1NK98U9gK7MJ8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-06-30 15:18 ` Paul Moore
[not found] ` <1466711578-64398-1-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-23 19:52 ` [PATCH 03/12] selinux: Implement Infiniband flush callback Dan Jurgens
[not found] ` <1466711578-64398-4-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 15:10 ` Yuval Shaia
2016-06-30 15:44 ` Daniel Jurgens
[not found] ` <AM4PR0501MB22578AA5FF8B4062F650C581C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-06-30 19:52 ` Paul Moore
[not found] ` <CAGH-Kgtn0EFxYc+UOvVQk-0Bco0oOG=STZA+aGYza4TmbNXq3A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-06-30 20:16 ` Casey Schaufler
[not found] ` <13cf2b8b-1d4e-e61f-80fe-110af2a719cf-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2016-06-30 20:24 ` Paul Moore
2016-06-30 20:39 ` Daniel Jurgens
2016-06-23 19:52 ` [PATCH 04/12] selinux: Allocate and free infiniband security hooks Dan Jurgens
[not found] ` <1466711578-64398-5-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 15:15 ` Yuval Shaia
2016-06-30 20:42 ` Paul Moore
[not found] ` <CAGH-KgvtN8T7e5bKq0jJZvSzrGfFwA2VpmPf5gJuqdLZi6odEw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-06-30 21:06 ` Casey Schaufler
2016-06-30 21:48 ` Daniel Jurgens
[not found] ` <AM4PR0501MB2257ADAB527392547179F779C4240-dp/nxUn679hpbkYrVjfdjcDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-07-01 18:54 ` Paul Moore
2016-07-01 18:59 ` Daniel Jurgens
2016-07-01 19:17 ` Paul Moore
2016-07-01 20:13 ` Casey Schaufler
2016-07-01 20:46 ` Daniel Jurgens
[not found] ` <DB6PR0501MB226138FF74D031F6BD1C48C6C4250-wTfl6qNNZ1NK98U9gK7MJ8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-07-01 21:16 ` Casey Schaufler
2016-07-01 22:15 ` Paul Moore
2016-06-23 19:52 ` [PATCH 05/12] selinux: Implement Infiniband PKey "Access" access vector Dan Jurgens
[not found] ` <1466711578-64398-6-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 15:23 ` Yuval Shaia
2016-06-30 15:35 ` Daniel Jurgens
2016-07-01 16:29 ` Paul Moore
2016-07-01 18:21 ` Daniel Jurgens
2016-07-01 18:58 ` Paul Moore
2016-07-01 19:16 ` Daniel Jurgens
[not found] ` <DB6PR0501MB22614C80007D7408544B4B30C4250-wTfl6qNNZ1NK98U9gK7MJ8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-07-01 19:26 ` Paul Moore
2016-07-01 19:57 ` Daniel Jurgens
[not found] ` <DB6PR0501MB2261C903AB4CE9644604B9E8C4250-wTfl6qNNZ1NK98U9gK7MJ8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2016-07-01 20:42 ` Paul Moore
2016-07-11 14:46 ` Stephen Smalley
2016-07-11 19:03 ` Daniel Jurgens
[not found] ` <1c637b46-7352-b369-4891-4b695ff80b3b-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
2016-07-12 20:28 ` Paul Moore
2016-06-23 19:52 ` [PATCH 06/12] selinux: Add IB End Port SMP " Dan Jurgens
2016-06-30 15:31 ` Yuval Shaia
[not found] ` <1466711578-64398-7-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-07-01 18:48 ` Paul Moore
2016-06-23 19:52 ` [PATCH 07/12] selinux: Add a cache for quicker retreival of PKey SIDs Dan Jurgens
[not found] ` <1466711578-64398-8-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-23 21:59 ` kbuild test robot
2016-06-30 15:41 ` Yuval Shaia
2016-07-01 18:51 ` Paul Moore
2016-06-23 19:52 ` [PATCH 08/12] IB/core: IB cache enhancements to support Infiniband security Dan Jurgens
[not found] ` <1466711578-64398-9-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-06-30 15:47 ` Yuval Shaia
2016-06-23 19:52 ` [PATCH 09/12] IB/core: Enforce PKey security on QPs Dan Jurgens
2016-06-23 19:52 ` [PATCH 11/12] IB/core: Enforce Infiniband device SMI security Dan Jurgens
2016-06-23 19:52 ` [PATCH 12/12] IB/core: Implement the Infiniband flush callback Dan Jurgens
2016-06-30 14:43 ` [PATCH 00/12] SELinux support for Infiniband RDMA Yuval Shaia
2016-06-30 14:47 ` Daniel Jurgens
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160630145754.GA22107@yuval-lap.uk.oracle.com \
--to=yuval.shaia-qhclzuegtsvqt0dzr+alfa@public.gmane.org \
--cc=chrisw-69jw2NvuJkxg9hUCZPvPmw@public.gmane.org \
--cc=danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org \
--cc=hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org \
--cc=sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
--cc=sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
--cc=yevgenyp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox