From: James Morris <jmorris@namei.org>
To: Dan Jurgens <danielj@mellanox.com>
Cc: chrisw@sous-sol.org, paul@paul-moore.com, sds@tycho.nsa.gov,
eparis@parisplace.org, dledford@redhat.com, sean.hefty@intel.com,
hal.rosenstock@gmail.com, selinux@tycho.nsa.gov,
linux-security-module@vger.kernel.org,
linux-rdma@vger.kernel.org, yevgenyp@mellanox.com
Subject: Re: [PATCH v7 3/9] selinux lsm IB/core: Implement LSM notification system
Date: Mon, 22 May 2017 10:15:21 +1000 (AEST) [thread overview]
Message-ID: <alpine.LRH.2.20.1705221014400.3502@namei.org> (raw)
In-Reply-To: <1495198139-69993-4-git-send-email-danielj@mellanox.com>
On Fri, 19 May 2017, Dan Jurgens wrote:
> From: Daniel Jurgens <danielj@mellanox.com>
>
> Add a generic notificaiton mechanism in the LSM. Interested consumers
> can register a callback with the LSM and security modules can produce
> events.
>
> Because access to Infiniband QPs are enforced in the setup phase of a
> connection security should be enforced again if the policy changes.
> Register infiniband devices for policy change notification and check all
> QPs on that device when the notification is received.
>
> Add a call to the notification mechanism from SELinux when the AVC
> cache changes or setenforce is cleared.
>
> Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
Acked-by: James Morris <james.l.morris@oracle.com>
--
James Morris
<jmorris@namei.org>
next prev parent reply other threads:[~2017-05-22 0:15 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-19 12:48 [PATCH v7 0/9] SELinux support for Infiniband RDMA Dan Jurgens
2017-05-19 12:48 ` [PATCH v7 1/9] IB/core: IB cache enhancements to support Infiniband security Dan Jurgens
2017-05-21 23:56 ` James Morris
2017-05-19 12:48 ` [PATCH v7 2/9] IB/core: Enforce PKey security on QPs Dan Jurgens
[not found] ` <1495198139-69993-3-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2017-05-19 19:13 ` Paul Moore
2017-05-22 0:13 ` James Morris
2017-05-22 10:42 ` Daniel Jurgens
[not found] ` <VI1PR05MB167814F66EEF8A1BD77C793AC4F80-79XLn2atqDOzmZAjKwT+HdqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2017-05-22 20:59 ` Paul Moore
[not found] ` <1495198139-69993-1-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2017-05-19 12:48 ` [PATCH v7 3/9] selinux lsm IB/core: Implement LSM notification system Dan Jurgens
2017-05-22 0:15 ` James Morris [this message]
2017-05-19 12:48 ` [PATCH v7 4/9] IB/core: Enforce security on management datagrams Dan Jurgens
2017-05-19 19:21 ` Paul Moore
2017-05-19 23:57 ` Daniel Jurgens
2017-05-19 12:48 ` [PATCH v7 6/9] selinux: Allocate and free infiniband security hooks Dan Jurgens
2017-05-22 0:26 ` James Morris
2017-05-19 12:48 ` [PATCH v7 8/9] selinux: Add IB Port SMP access vector Dan Jurgens
[not found] ` <1495198139-69993-9-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2017-05-22 0:32 ` James Morris
2017-05-19 12:48 ` [PATCH v7 5/9] selinux: Create policydb version for Infiniband support Dan Jurgens
2017-05-22 0:24 ` James Morris
2017-05-19 12:48 ` [PATCH v7 7/9] selinux: Implement Infiniband PKey "Access" access vector Dan Jurgens
[not found] ` <1495198139-69993-8-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2017-05-22 0:31 ` James Morris
2017-05-19 12:48 ` [PATCH v7 9/9] selinux: Add a cache for quicker retreival of PKey SIDs Dan Jurgens
2017-05-19 16:47 ` [PATCH v7 0/9] SELinux support for Infiniband RDMA Daniel Jurgens
2017-05-19 19:35 ` Paul Moore
2017-05-20 0:10 ` Daniel Jurgens
[not found] ` <CAHC9VhQtw4fFrCdKcznHrLDkAJVDhi=y9dYMxtOP23XVKq+rCw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-05-20 11:56 ` Doug Ledford
2017-05-22 0:35 ` James Morris
2017-05-22 10:50 ` Daniel Jurgens
[not found] ` <alpine.LRH.2.20.1705221033550.3502-gx6/JNMH7DfYtjvyW6yDsg@public.gmane.org>
2017-05-22 19:14 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LRH.2.20.1705221014400.3502@namei.org \
--to=jmorris@namei.org \
--cc=chrisw@sous-sol.org \
--cc=danielj@mellanox.com \
--cc=dledford@redhat.com \
--cc=eparis@parisplace.org \
--cc=hal.rosenstock@gmail.com \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=sds@tycho.nsa.gov \
--cc=sean.hefty@intel.com \
--cc=selinux@tycho.nsa.gov \
--cc=yevgenyp@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox