Re: [PATCH v1 7/9] semanage: Update semanage to allow runtime labeling of Infiniband Pkeys
On 5/16/2017 2:10 PM, Stephen Smalley wrote: > On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote: >> From: Daniel Jurgens>> >> Update libsepol and libsemanage to work with pkey records. Add local >> storage for new and modified pkey records in pkeys.local. Update >> semanage >> to parse the pkey command options to add, modify, and delete pkeys. >> >> Signed-off-by: Daniel Jurgens >> >> --- >> v1: >> Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete flow >> in >> seobject.py >> >> Stephen Smalley: >> - Subnet prefix can't vary in size always 16 bytes, remove size >> field. >> - Removed extraneous change in libsepol/VERSION >> - Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr. >> - Got rid of magic constant for subnet prefix size. >> >> Jason Zaman: >> - Use SETools directly to query types in seobject.py. 
>> >> Signed-off-by: Daniel Jurgens >> --- >> libsemanage/include/semanage/ibpkey_record.h | 76 + >> libsemanage/include/semanage/ibpkeys_local.h | 36 +++ >> libsemanage/include/semanage/ibpkeys_policy.h | 28 ++ >> libsemanage/include/semanage/semanage.h | 3 + >> libsemanage/src/direct_api.c | 29 +- >> libsemanage/src/handle.h | 36 ++- >> libsemanage/src/ibpkey_internal.h | 52 +++ >> libsemanage/src/ibpkey_record.c | 185 +++ >> libsemanage/src/ibpkeys_file.c| 181 +++ >> libsemanage/src/ibpkeys_local.c | 178 ++ >> libsemanage/src/ibpkeys_policy.c | 52 +++ >> libsemanage/src/ibpkeys_policydb.c| 62 >> libsemanage/src/libsemanage.map | 1 + >> libsemanage/src/policy_components.c | 5 +- >> libsemanage/src/semanage_store.c | 1 + >> libsemanage/src/semanage_store.h | 1 + >> libsemanage/src/semanageswig.i| 3 + >> libsemanage/src/semanageswig_python.i | 43 +++ >> libsemanage/utils/semanage_migrate_store | 3 +- >> libsepol/include/sepol/ibpkey_record.h| 77 + >> libsepol/include/sepol/ibpkeys.h | 44 +++ >> libsepol/include/sepol/sepol.h| 2 + >> libsepol/src/ibpkey_internal.h| 21 ++ >> libsepol/src/ibpkey_record.c | 448 >> ++ >> libsepol/src/ibpkeys.c| 263 +++ >> python/semanage/semanage | 60 +++- >> python/semanage/seobject.py | 255 +++ >> 27 files changed, 2129 insertions(+), 16 deletions(-) >> create mode 100644 libsemanage/include/semanage/ibpkey_record.h >> create mode 100644 libsemanage/include/semanage/ibpkeys_local.h >> create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h >> create mode 100644 libsemanage/src/ibpkey_internal.h >> create mode 100644 libsemanage/src/ibpkey_record.c >> create mode 100644 libsemanage/src/ibpkeys_file.c >> create mode 100644 libsemanage/src/ibpkeys_local.c >> create mode 100644 libsemanage/src/ibpkeys_policy.c >> create mode 100644 libsemanage/src/ibpkeys_policydb.c >> create mode 100644 libsepol/include/sepol/ibpkey_record.h >> create mode 100644 libsepol/include/sepol/ibpkeys.h >> create mode 100644 
libsepol/src/ibpkey_internal.h
>> create mode 100644 libsepol/src/ibpkey_record.c
>> create mode 100644 libsepol/src/ibpkeys.c
>>
>> diff --git a/libsemanage/include/semanage/ibpkey_record.h
>> b/libsemanage/include/semanage/ibpkey_record.h
>> new file mode 100644
>> index 000..d76aaae
>> --- /dev/null
>> +++ b/libsemanage/include/semanage/ibpkey_record.h
>> @@ -0,0 +1,76 @@
>> +/* Copyright (C) 2017 Mellanox Technologies Inc */
>> +
>> +#ifndef _SEMANAGE_IBPKEY_RECORD_H_
>> +#define _SEMANAGE_IBPKEY_RECORD_H_
>> +
>> +#include
>> +#include
>> +#include
>> +
>> +#ifndef _SEMANAGE_IBPKEY_DEFINED_
>> +struct semanage_ibpkey;
>> +struct semanage_ibpkey_key;
>> +typedef struct semanage_ibpkey semanage_ibpkey_t;
>> +typedef struct semanage_ibpkey_key semanage_ibpkey_key_t;
>> +#define _SEMANAGE_IBPKEY_DEFINED_
>> +#endif
>> +
>> +#define INET6_ADDRLEN 16
> We shouldn't expose this in a public header; it's an implementation
> detail. Likely could/should define it as sizeof(struct in6_addr) to
> ensure consistency?
>
>> +#define INET6_ADDRLEN 16
> Ditto
Changed to sizeof(struct in6_addr) for these.
>> +#ifdef DARWIN
>> +memcpy(_addr[0], subnet_prefix_bytes, 16);
>> +#else
>> +memcpy(_addr32[0], subnet_prefix_bytes, 16);
>> +#endif
> Another case where you can drop #ifdef DARWIN and just use s6_addr.
>
Done
Re: [PATCH v1 7/9] semanage: Update semanage to allow runtime labeling of Infiniband Pkeys
On 5/16/2017 2:36 PM, Stephen Smalley wrote: > On Tue, 2017-05-16 at 19:34 +, Daniel Jurgens wrote: >> On 5/16/2017 2:30 PM, Stephen Smalley wrote: >>> On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote: From: Daniel JurgensUpdate libsepol and libsemanage to work with pkey records. Add local storage for new and modified pkey records in pkeys.local. Update semanage to parse the pkey command options to add, modify, and delete pkeys. Signed-off-by: Daniel Jurgens --- v1: Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete flow in seobject.py Stephen Smalley: - Subnet prefix can't vary in size always 16 bytes, remove size field. - Removed extraneous change in libsepol/VERSION - Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr. - Got rid of magic constant for subnet prefix size. Jason Zaman: - Use SETools directly to query types in seobject.py. 
Signed-off-by: Daniel Jurgens --- libsemanage/include/semanage/ibpkey_record.h | 76 + libsemanage/include/semanage/ibpkeys_local.h | 36 +++ libsemanage/include/semanage/ibpkeys_policy.h | 28 ++ libsemanage/include/semanage/semanage.h | 3 + libsemanage/src/direct_api.c | 29 +- libsemanage/src/handle.h | 36 ++- libsemanage/src/ibpkey_internal.h | 52 +++ libsemanage/src/ibpkey_record.c | 185 +++ libsemanage/src/ibpkeys_file.c| 181 +++ libsemanage/src/ibpkeys_local.c | 178 ++ libsemanage/src/ibpkeys_policy.c | 52 +++ libsemanage/src/ibpkeys_policydb.c| 62 libsemanage/src/libsemanage.map | 1 + libsemanage/src/policy_components.c | 5 +- libsemanage/src/semanage_store.c | 1 + libsemanage/src/semanage_store.h | 1 + libsemanage/src/semanageswig.i| 3 + libsemanage/src/semanageswig_python.i | 43 +++ libsemanage/utils/semanage_migrate_store | 3 +- libsepol/include/sepol/ibpkey_record.h| 77 + libsepol/include/sepol/ibpkeys.h | 44 +++ libsepol/include/sepol/sepol.h| 2 + libsepol/src/ibpkey_internal.h| 21 ++ libsepol/src/ibpkey_record.c | 448 ++ libsepol/src/ibpkeys.c| 263 +++ python/semanage/semanage | 60 +++- python/semanage/seobject.py | 255 +++ 27 files changed, 2129 insertions(+), 16 deletions(-) create mode 100644 libsemanage/include/semanage/ibpkey_record.h create mode 100644 libsemanage/include/semanage/ibpkeys_local.h create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h create mode 100644 libsemanage/src/ibpkey_internal.h create mode 100644 libsemanage/src/ibpkey_record.c create mode 100644 libsemanage/src/ibpkeys_file.c create mode 100644 libsemanage/src/ibpkeys_local.c create mode 100644 libsemanage/src/ibpkeys_policy.c create mode 100644 libsemanage/src/ibpkeys_policydb.c create mode 100644 libsepol/include/sepol/ibpkey_record.h create mode 100644 libsepol/include/sepol/ibpkeys.h create mode 100644 libsepol/src/ibpkey_internal.h create mode 100644 libsepol/src/ibpkey_record.c create mode 100644 libsepol/src/ibpkeys.c 
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py index 7a54373..41b0aca 100644 --- a/python/semanage/seobject.py +++ b/python/semanage/seobject.py @@ -32,6 +32,7 @@ import socket from semanage import * PROGNAME = "policycoreutils" import sepolicy +import setools from IPy import IP try: @@ -1309,6 +1310,260 @@ class portRecords(semanageRecords): rec += ", %s" % p print(rec) +class ibpkeyRecords(semanageRecords): +try: +q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_po licy ()), attrs=["ibpkey_type"]) +valid_types = sorted(str(t) for t in q.results()) +except RuntimeError: +valid_types = [] >>> This causes all semanage commands to fail (without a patched >>> refpolicy >>> to define ibpkey_type). >>> >>> Traceback (most recent call last): >>> File "/usr/sbin/semanage", line 28, in >>> import seobject >>> File "/usr/lib64/python2.7/site-packages/seobject.py", line 1313, >>> in >>> >>> class ibpkeyRecords(semanageRecords): >>> File
Re: [PATCH v1 7/9] semanage: Update semanage to allow runtime labeling of Infiniband Pkeys
On Tue, 2017-05-16 at 19:34 +, Daniel Jurgens wrote: > On 5/16/2017 2:30 PM, Stephen Smalley wrote: > > On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote: > > > From: Daniel Jurgens> > > > > > Update libsepol and libsemanage to work with pkey records. Add > > > local > > > storage for new and modified pkey records in pkeys.local. Update > > > semanage > > > to parse the pkey command options to add, modify, and delete > > > pkeys. > > > > > > Signed-off-by: Daniel Jurgens > > > > > > --- > > > v1: > > > Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete > > > flow > > > in > > > seobject.py > > > > > > Stephen Smalley: > > > - Subnet prefix can't vary in size always 16 bytes, remove size > > > field. > > > - Removed extraneous change in libsepol/VERSION > > > - Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr. > > > - Got rid of magic constant for subnet prefix size. > > > > > > Jason Zaman: > > > - Use SETools directly to query types in seobject.py. 
> > > > > > Signed-off-by: Daniel Jurgens > > > --- > > > libsemanage/include/semanage/ibpkey_record.h | 76 + > > > libsemanage/include/semanage/ibpkeys_local.h | 36 +++ > > > libsemanage/include/semanage/ibpkeys_policy.h | 28 ++ > > > libsemanage/include/semanage/semanage.h | 3 + > > > libsemanage/src/direct_api.c | 29 +- > > > libsemanage/src/handle.h | 36 ++- > > > libsemanage/src/ibpkey_internal.h | 52 +++ > > > libsemanage/src/ibpkey_record.c | 185 +++ > > > libsemanage/src/ibpkeys_file.c| 181 +++ > > > libsemanage/src/ibpkeys_local.c | 178 ++ > > > libsemanage/src/ibpkeys_policy.c | 52 +++ > > > libsemanage/src/ibpkeys_policydb.c| 62 > > > libsemanage/src/libsemanage.map | 1 + > > > libsemanage/src/policy_components.c | 5 +- > > > libsemanage/src/semanage_store.c | 1 + > > > libsemanage/src/semanage_store.h | 1 + > > > libsemanage/src/semanageswig.i| 3 + > > > libsemanage/src/semanageswig_python.i | 43 +++ > > > libsemanage/utils/semanage_migrate_store | 3 +- > > > libsepol/include/sepol/ibpkey_record.h| 77 + > > > libsepol/include/sepol/ibpkeys.h | 44 +++ > > > libsepol/include/sepol/sepol.h| 2 + > > > libsepol/src/ibpkey_internal.h| 21 ++ > > > libsepol/src/ibpkey_record.c | 448 > > > ++ > > > libsepol/src/ibpkeys.c| 263 > > > +++ > > > python/semanage/semanage | 60 +++- > > > python/semanage/seobject.py | 255 > > > +++ > > > 27 files changed, 2129 insertions(+), 16 deletions(-) > > > create mode 100644 libsemanage/include/semanage/ibpkey_record.h > > > create mode 100644 libsemanage/include/semanage/ibpkeys_local.h > > > create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h > > > create mode 100644 libsemanage/src/ibpkey_internal.h > > > create mode 100644 libsemanage/src/ibpkey_record.c > > > create mode 100644 libsemanage/src/ibpkeys_file.c > > > create mode 100644 libsemanage/src/ibpkeys_local.c > > > create mode 100644 libsemanage/src/ibpkeys_policy.c > > > create mode 100644 libsemanage/src/ibpkeys_policydb.c > > > create mode 100644 
libsepol/include/sepol/ibpkey_record.h > > > create mode 100644 libsepol/include/sepol/ibpkeys.h > > > create mode 100644 libsepol/src/ibpkey_internal.h > > > create mode 100644 libsepol/src/ibpkey_record.c > > > create mode 100644 libsepol/src/ibpkeys.c > > > > > > diff --git a/python/semanage/seobject.py > > > b/python/semanage/seobject.py > > > index 7a54373..41b0aca 100644 > > > --- a/python/semanage/seobject.py > > > +++ b/python/semanage/seobject.py > > > @@ -32,6 +32,7 @@ import socket > > > from semanage import * > > > PROGNAME = "policycoreutils" > > > import sepolicy > > > +import setools > > > from IPy import IP > > > > > > try: > > > @@ -1309,6 +1310,260 @@ class portRecords(semanageRecords): > > > rec += ", %s" % p > > > print(rec) > > > > > > +class ibpkeyRecords(semanageRecords): > > > +try: > > > +q = > > > setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_po > > > licy > > > ()), attrs=["ibpkey_type"]) > > > +valid_types = sorted(str(t) for t in q.results()) > > > +except RuntimeError: > > > +valid_types = [] > > > > This causes all semanage commands to fail (without a patched > > refpolicy > > to define ibpkey_type). > > > > Traceback (most recent call last): > > File "/usr/sbin/semanage", line 28, in > > import seobject > > File "/usr/lib64/python2.7/site-packages/seobject.py", line 1313, > > in > > > >
Re: [PATCH v1 7/9] semanage: Update semanage to allow runtime labeling of Infiniband Pkeys
On 5/16/2017 2:30 PM, Stephen Smalley wrote: > On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote: >> From: Daniel Jurgens>> >> Update libsepol and libsemanage to work with pkey records. Add local >> storage for new and modified pkey records in pkeys.local. Update >> semanage >> to parse the pkey command options to add, modify, and delete pkeys. >> >> Signed-off-by: Daniel Jurgens >> >> --- >> v1: >> Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete flow >> in >> seobject.py >> >> Stephen Smalley: >> - Subnet prefix can't vary in size always 16 bytes, remove size >> field. >> - Removed extraneous change in libsepol/VERSION >> - Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr. >> - Got rid of magic constant for subnet prefix size. >> >> Jason Zaman: >> - Use SETools directly to query types in seobject.py. 
>> >> Signed-off-by: Daniel Jurgens >> --- >> libsemanage/include/semanage/ibpkey_record.h | 76 + >> libsemanage/include/semanage/ibpkeys_local.h | 36 +++ >> libsemanage/include/semanage/ibpkeys_policy.h | 28 ++ >> libsemanage/include/semanage/semanage.h | 3 + >> libsemanage/src/direct_api.c | 29 +- >> libsemanage/src/handle.h | 36 ++- >> libsemanage/src/ibpkey_internal.h | 52 +++ >> libsemanage/src/ibpkey_record.c | 185 +++ >> libsemanage/src/ibpkeys_file.c| 181 +++ >> libsemanage/src/ibpkeys_local.c | 178 ++ >> libsemanage/src/ibpkeys_policy.c | 52 +++ >> libsemanage/src/ibpkeys_policydb.c| 62 >> libsemanage/src/libsemanage.map | 1 + >> libsemanage/src/policy_components.c | 5 +- >> libsemanage/src/semanage_store.c | 1 + >> libsemanage/src/semanage_store.h | 1 + >> libsemanage/src/semanageswig.i| 3 + >> libsemanage/src/semanageswig_python.i | 43 +++ >> libsemanage/utils/semanage_migrate_store | 3 +- >> libsepol/include/sepol/ibpkey_record.h| 77 + >> libsepol/include/sepol/ibpkeys.h | 44 +++ >> libsepol/include/sepol/sepol.h| 2 + >> libsepol/src/ibpkey_internal.h| 21 ++ >> libsepol/src/ibpkey_record.c | 448 >> ++ >> libsepol/src/ibpkeys.c| 263 +++ >> python/semanage/semanage | 60 +++- >> python/semanage/seobject.py | 255 +++ >> 27 files changed, 2129 insertions(+), 16 deletions(-) >> create mode 100644 libsemanage/include/semanage/ibpkey_record.h >> create mode 100644 libsemanage/include/semanage/ibpkeys_local.h >> create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h >> create mode 100644 libsemanage/src/ibpkey_internal.h >> create mode 100644 libsemanage/src/ibpkey_record.c >> create mode 100644 libsemanage/src/ibpkeys_file.c >> create mode 100644 libsemanage/src/ibpkeys_local.c >> create mode 100644 libsemanage/src/ibpkeys_policy.c >> create mode 100644 libsemanage/src/ibpkeys_policydb.c >> create mode 100644 libsepol/include/sepol/ibpkey_record.h >> create mode 100644 libsepol/include/sepol/ibpkeys.h >> create mode 100644 
libsepol/src/ibpkey_internal.h
>> create mode 100644 libsepol/src/ibpkey_record.c
>> create mode 100644 libsepol/src/ibpkeys.c
>>
>> diff --git a/python/semanage/seobject.py
>> b/python/semanage/seobject.py
>> index 7a54373..41b0aca 100644
>> --- a/python/semanage/seobject.py
>> +++ b/python/semanage/seobject.py
>> @@ -32,6 +32,7 @@ import socket
>> from semanage import *
>> PROGNAME = "policycoreutils"
>> import sepolicy
>> +import setools
>> from IPy import IP
>>
>> try:
>> @@ -1309,6 +1310,260 @@ class portRecords(semanageRecords):
>> rec += ", %s" % p
>> print(rec)
>>
>> +class ibpkeyRecords(semanageRecords):
>> +try:
>> +q =
>> setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy
>> ()), attrs=["ibpkey_type"])
>> +valid_types = sorted(str(t) for t in q.results())
>> +except RuntimeError:
>> +valid_types = []
> This causes all semanage commands to fail (without a patched refpolicy
> to define ibpkey_type).
>
> Traceback (most recent call last):
> File "/usr/sbin/semanage", line 28, in
> import seobject
> File "/usr/lib64/python2.7/site-packages/seobject.py", line 1313, in
>
> class ibpkeyRecords(semanageRecords):
> File "/usr/lib64/python2.7/site-packages/seobject.py", line 1315, in
> ibpkeyRecords
> q =
> setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy()
> ), attrs=["ibpkey_type"])
> File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux-
> x86_64.egg/setools/typequery.py", line 72, in __init__
> super(TypeQuery, self).__init__(policy,
Re: [PATCH v1 7/9] semanage: Update semanage to allow runtime labeling of Infiniband Pkeys
On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote: > From: Daniel Jurgens> > Update libsepol and libsemanage to work with pkey records. Add local > storage for new and modified pkey records in pkeys.local. Update > semanage > to parse the pkey command options to add, modify, and delete pkeys. > > Signed-off-by: Daniel Jurgens > > --- > v1: > Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete flow > in > seobject.py > > Stephen Smalley: > - Subnet prefix can't vary in size always 16 bytes, remove size > field. > - Removed extraneous change in libsepol/VERSION > - Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr. > - Got rid of magic constant for subnet prefix size. > > Jason Zaman: > - Use SETools directly to query types in seobject.py. 
> > Signed-off-by: Daniel Jurgens > --- > libsemanage/include/semanage/ibpkey_record.h | 76 + > libsemanage/include/semanage/ibpkeys_local.h | 36 +++ > libsemanage/include/semanage/ibpkeys_policy.h | 28 ++ > libsemanage/include/semanage/semanage.h | 3 + > libsemanage/src/direct_api.c | 29 +- > libsemanage/src/handle.h | 36 ++- > libsemanage/src/ibpkey_internal.h | 52 +++ > libsemanage/src/ibpkey_record.c | 185 +++ > libsemanage/src/ibpkeys_file.c| 181 +++ > libsemanage/src/ibpkeys_local.c | 178 ++ > libsemanage/src/ibpkeys_policy.c | 52 +++ > libsemanage/src/ibpkeys_policydb.c| 62 > libsemanage/src/libsemanage.map | 1 + > libsemanage/src/policy_components.c | 5 +- > libsemanage/src/semanage_store.c | 1 + > libsemanage/src/semanage_store.h | 1 + > libsemanage/src/semanageswig.i| 3 + > libsemanage/src/semanageswig_python.i | 43 +++ > libsemanage/utils/semanage_migrate_store | 3 +- > libsepol/include/sepol/ibpkey_record.h| 77 + > libsepol/include/sepol/ibpkeys.h | 44 +++ > libsepol/include/sepol/sepol.h| 2 + > libsepol/src/ibpkey_internal.h| 21 ++ > libsepol/src/ibpkey_record.c | 448 > ++ > libsepol/src/ibpkeys.c| 263 +++ > python/semanage/semanage | 60 +++- > python/semanage/seobject.py | 255 +++ > 27 files changed, 2129 insertions(+), 16 deletions(-) > create mode 100644 libsemanage/include/semanage/ibpkey_record.h > create mode 100644 libsemanage/include/semanage/ibpkeys_local.h > create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h > create mode 100644 libsemanage/src/ibpkey_internal.h > create mode 100644 libsemanage/src/ibpkey_record.c > create mode 100644 libsemanage/src/ibpkeys_file.c > create mode 100644 libsemanage/src/ibpkeys_local.c > create mode 100644 libsemanage/src/ibpkeys_policy.c > create mode 100644 libsemanage/src/ibpkeys_policydb.c > create mode 100644 libsepol/include/sepol/ibpkey_record.h > create mode 100644 libsepol/include/sepol/ibpkeys.h > create mode 100644 libsepol/src/ibpkey_internal.h > create mode 100644 
libsepol/src/ibpkey_record.c > create mode 100644 libsepol/src/ibpkeys.c > > diff --git a/python/semanage/seobject.py > b/python/semanage/seobject.py > index 7a54373..41b0aca 100644 > --- a/python/semanage/seobject.py > +++ b/python/semanage/seobject.py > @@ -32,6 +32,7 @@ import socket > from semanage import * > PROGNAME = "policycoreutils" > import sepolicy > +import setools > from IPy import IP > > try: > @@ -1309,6 +1310,260 @@ class portRecords(semanageRecords): > rec += ", %s" % p > print(rec) > > +class ibpkeyRecords(semanageRecords): > +try: > +q = > setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy > ()), attrs=["ibpkey_type"]) > +valid_types = sorted(str(t) for t in q.results()) > +except RuntimeError: > +valid_types = [] This causes all semanage commands to fail (without a patched refpolicy to define ibpkey_type). Traceback (most recent call last): File "/usr/sbin/semanage", line 28, in import seobject File "/usr/lib64/python2.7/site-packages/seobject.py", line 1313, in class ibpkeyRecords(semanageRecords): File "/usr/lib64/python2.7/site-packages/seobject.py", line 1315, in ibpkeyRecords q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy() ), attrs=["ibpkey_type"]) File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux- x86_64.egg/setools/typequery.py", line 72, in __init__ super(TypeQuery, self).__init__(policy, **kwargs) File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux- x86_64.egg/setools/query.py", line 39, in __init__ setattr(self, name, kwargs[name]) File
Re: [PATCH v1 7/9] semanage: Update semanage to allow runtime labeling of Infiniband Pkeys
On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote: > From: Daniel Jurgens> > Update libsepol and libsemanage to work with pkey records. Add local > storage for new and modified pkey records in pkeys.local. Update > semanage > to parse the pkey command options to add, modify, and delete pkeys. > > Signed-off-by: Daniel Jurgens > > --- > v1: > Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete flow > in > seobject.py > > Stephen Smalley: > - Subnet prefix can't vary in size always 16 bytes, remove size > field. > - Removed extraneous change in libsepol/VERSION > - Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr. > - Got rid of magic constant for subnet prefix size. > > Jason Zaman: > - Use SETools directly to query types in seobject.py. 
> > Signed-off-by: Daniel Jurgens > --- > libsemanage/include/semanage/ibpkey_record.h | 76 + > libsemanage/include/semanage/ibpkeys_local.h | 36 +++ > libsemanage/include/semanage/ibpkeys_policy.h | 28 ++ > libsemanage/include/semanage/semanage.h | 3 + > libsemanage/src/direct_api.c | 29 +- > libsemanage/src/handle.h | 36 ++- > libsemanage/src/ibpkey_internal.h | 52 +++ > libsemanage/src/ibpkey_record.c | 185 +++ > libsemanage/src/ibpkeys_file.c| 181 +++ > libsemanage/src/ibpkeys_local.c | 178 ++ > libsemanage/src/ibpkeys_policy.c | 52 +++ > libsemanage/src/ibpkeys_policydb.c| 62 > libsemanage/src/libsemanage.map | 1 + > libsemanage/src/policy_components.c | 5 +- > libsemanage/src/semanage_store.c | 1 + > libsemanage/src/semanage_store.h | 1 + > libsemanage/src/semanageswig.i| 3 + > libsemanage/src/semanageswig_python.i | 43 +++ > libsemanage/utils/semanage_migrate_store | 3 +- > libsepol/include/sepol/ibpkey_record.h| 77 + > libsepol/include/sepol/ibpkeys.h | 44 +++ > libsepol/include/sepol/sepol.h| 2 + > libsepol/src/ibpkey_internal.h| 21 ++ > libsepol/src/ibpkey_record.c | 448 > ++ > libsepol/src/ibpkeys.c| 263 +++ > python/semanage/semanage | 60 +++- > python/semanage/seobject.py | 255 +++ > 27 files changed, 2129 insertions(+), 16 deletions(-) > create mode 100644 libsemanage/include/semanage/ibpkey_record.h > create mode 100644 libsemanage/include/semanage/ibpkeys_local.h > create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h > create mode 100644 libsemanage/src/ibpkey_internal.h > create mode 100644 libsemanage/src/ibpkey_record.c > create mode 100644 libsemanage/src/ibpkeys_file.c > create mode 100644 libsemanage/src/ibpkeys_local.c > create mode 100644 libsemanage/src/ibpkeys_policy.c > create mode 100644 libsemanage/src/ibpkeys_policydb.c > create mode 100644 libsepol/include/sepol/ibpkey_record.h > create mode 100644 libsepol/include/sepol/ibpkeys.h > create mode 100644 libsepol/src/ibpkey_internal.h > create mode 100644 
libsepol/src/ibpkey_record.c
> create mode 100644 libsepol/src/ibpkeys.c
>
> diff --git a/libsemanage/include/semanage/ibpkey_record.h
> b/libsemanage/include/semanage/ibpkey_record.h
> new file mode 100644
> index 000..d76aaae
> --- /dev/null
> +++ b/libsemanage/include/semanage/ibpkey_record.h
> @@ -0,0 +1,76 @@
> +/* Copyright (C) 2017 Mellanox Technologies Inc */
> +
> +#ifndef _SEMANAGE_IBPKEY_RECORD_H_
> +#define _SEMANAGE_IBPKEY_RECORD_H_
> +
> +#include
> +#include
> +#include
> +
> +#ifndef _SEMANAGE_IBPKEY_DEFINED_
> +struct semanage_ibpkey;
> +struct semanage_ibpkey_key;
> +typedef struct semanage_ibpkey semanage_ibpkey_t;
> +typedef struct semanage_ibpkey_key semanage_ibpkey_key_t;
> +#define _SEMANAGE_IBPKEY_DEFINED_
> +#endif
> +
> +#define INET6_ADDRLEN 16
We shouldn't expose this in a public header; it's an implementation detail. Likely could/should define it as sizeof(struct in6_addr) to ensure consistency?
> diff --git a/libsepol/include/sepol/ibpkey_record.h
> b/libsepol/include/sepol/ibpkey_record.h
> new file mode 100644
> index 000..fff4591
> --- /dev/null
> +++ b/libsepol/include/sepol/ibpkey_record.h
> @@ -0,0 +1,77 @@
> +#ifndef _SEPOL_IBPKEY_RECORD_H_
> +#define _SEPOL_IBPKEY_RECORD_H_
> +
> +#include
> +#include
> +#include
> +#include
> +
> +#define INET6_ADDRLEN 16
Ditto
> diff --git a/libsepol/src/ibpkey_record.c
> b/libsepol/src/ibpkey_record.c
> new file mode 100644
> index 000..4eed083
> --- /dev/null
> +++ b/libsepol/src/ibpkey_record.c
> @@ -0,0 +1,448 @@
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +
> +#include "ibpkey_internal.h"
> +#include