Re: [PATCH v1 7/9] semanage: Update semanage to allow runtime labeling of Infiniband Pkeys

2017-05-18 Thread Daniel Jurgens
On 5/16/2017 2:10 PM, Stephen Smalley wrote:
> On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
>> From: Daniel Jurgens 
>>
>> Update libsepol and libsemanage to work with pkey records. Add local
>> storage for new and modified pkey records in pkeys.local. Update
>> semanage
>> to parse the pkey command options to add, modify, and delete pkeys.
>>
>> Signed-off-by: Daniel Jurgens 
>>
>> ---
>> v1:
>> Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete flow
>> in
>> seobject.py
>>
>> Stephen Smalley:
>> - Subnet prefix can't vary in size always 16 bytes, remove size
>> field.
>> - Removed extraneous change in libsepol/VERSION
>> - Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr.
>> - Got rid of magic constant for subnet prefix size.
>>
>> Jason Zaman:
>> - Use SETools directly to query types in seobject.py.
>>
>> Signed-off-by: Daniel Jurgens 
>> ---
>>  libsemanage/include/semanage/ibpkey_record.h  |  76 +
>>  libsemanage/include/semanage/ibpkeys_local.h  |  36 +++
>>  libsemanage/include/semanage/ibpkeys_policy.h |  28 ++
>>  libsemanage/include/semanage/semanage.h   |   3 +
>>  libsemanage/src/direct_api.c  |  29 +-
>>  libsemanage/src/handle.h  |  36 ++-
>>  libsemanage/src/ibpkey_internal.h |  52 +++
>>  libsemanage/src/ibpkey_record.c   | 185 +++
>>  libsemanage/src/ibpkeys_file.c| 181 +++
>>  libsemanage/src/ibpkeys_local.c   | 178 ++
>>  libsemanage/src/ibpkeys_policy.c  |  52 +++
>>  libsemanage/src/ibpkeys_policydb.c|  62 
>>  libsemanage/src/libsemanage.map   |   1 +
>>  libsemanage/src/policy_components.c   |   5 +-
>>  libsemanage/src/semanage_store.c  |   1 +
>>  libsemanage/src/semanage_store.h  |   1 +
>>  libsemanage/src/semanageswig.i|   3 +
>>  libsemanage/src/semanageswig_python.i |  43 +++
>>  libsemanage/utils/semanage_migrate_store  |   3 +-
>>  libsepol/include/sepol/ibpkey_record.h|  77 +
>>  libsepol/include/sepol/ibpkeys.h  |  44 +++
>>  libsepol/include/sepol/sepol.h|   2 +
>>  libsepol/src/ibpkey_internal.h|  21 ++
>>  libsepol/src/ibpkey_record.c  | 448
>> ++
>>  libsepol/src/ibpkeys.c| 263 +++
>>  python/semanage/semanage  |  60 +++-
>>  python/semanage/seobject.py   | 255 +++
>>  27 files changed, 2129 insertions(+), 16 deletions(-)
>>  create mode 100644 libsemanage/include/semanage/ibpkey_record.h
>>  create mode 100644 libsemanage/include/semanage/ibpkeys_local.h
>>  create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h
>>  create mode 100644 libsemanage/src/ibpkey_internal.h
>>  create mode 100644 libsemanage/src/ibpkey_record.c
>>  create mode 100644 libsemanage/src/ibpkeys_file.c
>>  create mode 100644 libsemanage/src/ibpkeys_local.c
>>  create mode 100644 libsemanage/src/ibpkeys_policy.c
>>  create mode 100644 libsemanage/src/ibpkeys_policydb.c
>>  create mode 100644 libsepol/include/sepol/ibpkey_record.h
>>  create mode 100644 libsepol/include/sepol/ibpkeys.h
>>  create mode 100644 libsepol/src/ibpkey_internal.h
>>  create mode 100644 libsepol/src/ibpkey_record.c
>>  create mode 100644 libsepol/src/ibpkeys.c
>>
>> diff --git a/libsemanage/include/semanage/ibpkey_record.h
>> b/libsemanage/include/semanage/ibpkey_record.h
>> new file mode 100644
>> index 000..d76aaae
>> --- /dev/null
>> +++ b/libsemanage/include/semanage/ibpkey_record.h
>> @@ -0,0 +1,76 @@
>> +/* Copyright (C) 2017 Mellanox Technologies Inc */
>> +
>> +#ifndef _SEMANAGE_IBPKEY_RECORD_H_
>> +#define _SEMANAGE_IBPKEY_RECORD_H_
>> +
>> +#include 
>> +#include 
>> +#include 
>> +
>> +#ifndef _SEMANAGE_IBPKEY_DEFINED_
>> +struct semanage_ibpkey;
>> +struct semanage_ibpkey_key;
>> +typedef struct semanage_ibpkey semanage_ibpkey_t;
>> +typedef struct semanage_ibpkey_key semanage_ibpkey_key_t;
>> +#define _SEMANAGE_IBPKEY_DEFINED_
>> +#endif
>> +
>> +#define INET6_ADDRLEN 16
> We shouldn't expose this in a public header; it's an implementation
> detail.  Likely could/should define it as sizeof(struct in6_addr) to
> ensure consistency?
>
>> +#define INET6_ADDRLEN 16
> Ditto

Changed to sizeof(struct in6_addr) for these.

>> +#ifdef DARWIN
>> +memcpy(_addr[0], subnet_prefix_bytes, 16);
>> +#else
>> +memcpy(_addr32[0], subnet_prefix_bytes, 16);
>> +#endif
> Another case where you can drop #ifdef DARWIN and just use s6_addr.
>
Done




Re: [PATCH v1 7/9] semanage: Update semanage to allow runtime labeling of Infiniband Pkeys

2017-05-16 Thread Daniel Jurgens
On 5/16/2017 2:36 PM, Stephen Smalley wrote:
> On Tue, 2017-05-16 at 19:34 +, Daniel Jurgens wrote:
>> On 5/16/2017 2:30 PM, Stephen Smalley wrote:
>>> On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
 From: Daniel Jurgens 

 Update libsepol and libsemanage to work with pkey records. Add
 local
 storage for new and modified pkey records in pkeys.local. Update
 semanage
 to parse the pkey command options to add, modify, and delete
 pkeys.

 Signed-off-by: Daniel Jurgens 

 ---
 v1:
 Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete
 flow
 in
 seobject.py

 Stephen Smalley:
 - Subnet prefix can't vary in size always 16 bytes, remove size
 field.
 - Removed extraneous change in libsepol/VERSION
 - Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr.
 - Got rid of magic constant for subnet prefix size.

 Jason Zaman:
 - Use SETools directly to query types in seobject.py.

 Signed-off-by: Daniel Jurgens 
 ---
  libsemanage/include/semanage/ibpkey_record.h  |  76 +
  libsemanage/include/semanage/ibpkeys_local.h  |  36 +++
  libsemanage/include/semanage/ibpkeys_policy.h |  28 ++
  libsemanage/include/semanage/semanage.h   |   3 +
  libsemanage/src/direct_api.c  |  29 +-
  libsemanage/src/handle.h  |  36 ++-
  libsemanage/src/ibpkey_internal.h |  52 +++
  libsemanage/src/ibpkey_record.c   | 185 +++
  libsemanage/src/ibpkeys_file.c| 181 +++
  libsemanage/src/ibpkeys_local.c   | 178 ++
  libsemanage/src/ibpkeys_policy.c  |  52 +++
  libsemanage/src/ibpkeys_policydb.c|  62 
  libsemanage/src/libsemanage.map   |   1 +
  libsemanage/src/policy_components.c   |   5 +-
  libsemanage/src/semanage_store.c  |   1 +
  libsemanage/src/semanage_store.h  |   1 +
  libsemanage/src/semanageswig.i|   3 +
  libsemanage/src/semanageswig_python.i |  43 +++
  libsemanage/utils/semanage_migrate_store  |   3 +-
  libsepol/include/sepol/ibpkey_record.h|  77 +
  libsepol/include/sepol/ibpkeys.h  |  44 +++
  libsepol/include/sepol/sepol.h|   2 +
  libsepol/src/ibpkey_internal.h|  21 ++
  libsepol/src/ibpkey_record.c  | 448
 ++
  libsepol/src/ibpkeys.c| 263
 +++
  python/semanage/semanage  |  60 +++-
  python/semanage/seobject.py   | 255
 +++
  27 files changed, 2129 insertions(+), 16 deletions(-)
  create mode 100644 libsemanage/include/semanage/ibpkey_record.h
  create mode 100644 libsemanage/include/semanage/ibpkeys_local.h
  create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h
  create mode 100644 libsemanage/src/ibpkey_internal.h
  create mode 100644 libsemanage/src/ibpkey_record.c
  create mode 100644 libsemanage/src/ibpkeys_file.c
  create mode 100644 libsemanage/src/ibpkeys_local.c
  create mode 100644 libsemanage/src/ibpkeys_policy.c
  create mode 100644 libsemanage/src/ibpkeys_policydb.c
  create mode 100644 libsepol/include/sepol/ibpkey_record.h
  create mode 100644 libsepol/include/sepol/ibpkeys.h
  create mode 100644 libsepol/src/ibpkey_internal.h
  create mode 100644 libsepol/src/ibpkey_record.c
  create mode 100644 libsepol/src/ibpkeys.c

 diff --git a/python/semanage/seobject.py
 b/python/semanage/seobject.py
 index 7a54373..41b0aca 100644
 --- a/python/semanage/seobject.py
 +++ b/python/semanage/seobject.py
 @@ -32,6 +32,7 @@ import socket
  from semanage import *
  PROGNAME = "policycoreutils"
  import sepolicy
 +import setools
  from IPy import IP
  
  try:
 @@ -1309,6 +1310,260 @@ class portRecords(semanageRecords):
  rec += ", %s" % p
  print(rec)
  
 +class ibpkeyRecords(semanageRecords):
 +try:
 +q =
 setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_po
 licy
 ()), attrs=["ibpkey_type"])
 +valid_types = sorted(str(t) for t in q.results())
 +except RuntimeError:
 +valid_types = []
>>> This causes all semanage commands to fail (without a patched
>>> refpolicy
>>> to define ibpkey_type).
>>>
>>> Traceback (most recent call last):
>>>   File "/usr/sbin/semanage", line 28, in 
>>> import seobject
>>>   File "/usr/lib64/python2.7/site-packages/seobject.py", line 1313,
>>> in
>>> 
>>> class ibpkeyRecords(semanageRecords):
>>>   File 

Re: [PATCH v1 7/9] semanage: Update semanage to allow runtime labeling of Infiniband Pkeys

2017-05-16 Thread Stephen Smalley
On Tue, 2017-05-16 at 19:34 +, Daniel Jurgens wrote:
> On 5/16/2017 2:30 PM, Stephen Smalley wrote:
> > On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
> > > From: Daniel Jurgens 
> > > 
> > > Update libsepol and libsemanage to work with pkey records. Add
> > > local
> > > storage for new and modified pkey records in pkeys.local. Update
> > > semanage
> > > to parse the pkey command options to add, modify, and delete
> > > pkeys.
> > > 
> > > Signed-off-by: Daniel Jurgens 
> > > 
> > > ---
> > > v1:
> > > Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete
> > > flow
> > > in
> > > seobject.py
> > > 
> > > Stephen Smalley:
> > > - Subnet prefix can't vary in size always 16 bytes, remove size
> > > field.
> > > - Removed extraneous change in libsepol/VERSION
> > > - Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr.
> > > - Got rid of magic constant for subnet prefix size.
> > > 
> > > Jason Zaman:
> > > - Use SETools directly to query types in seobject.py.
> > > 
> > > Signed-off-by: Daniel Jurgens 
> > > ---
> > >  libsemanage/include/semanage/ibpkey_record.h  |  76 +
> > >  libsemanage/include/semanage/ibpkeys_local.h  |  36 +++
> > >  libsemanage/include/semanage/ibpkeys_policy.h |  28 ++
> > >  libsemanage/include/semanage/semanage.h   |   3 +
> > >  libsemanage/src/direct_api.c  |  29 +-
> > >  libsemanage/src/handle.h  |  36 ++-
> > >  libsemanage/src/ibpkey_internal.h |  52 +++
> > >  libsemanage/src/ibpkey_record.c   | 185 +++
> > >  libsemanage/src/ibpkeys_file.c| 181 +++
> > >  libsemanage/src/ibpkeys_local.c   | 178 ++
> > >  libsemanage/src/ibpkeys_policy.c  |  52 +++
> > >  libsemanage/src/ibpkeys_policydb.c|  62 
> > >  libsemanage/src/libsemanage.map   |   1 +
> > >  libsemanage/src/policy_components.c   |   5 +-
> > >  libsemanage/src/semanage_store.c  |   1 +
> > >  libsemanage/src/semanage_store.h  |   1 +
> > >  libsemanage/src/semanageswig.i|   3 +
> > >  libsemanage/src/semanageswig_python.i |  43 +++
> > >  libsemanage/utils/semanage_migrate_store  |   3 +-
> > >  libsepol/include/sepol/ibpkey_record.h|  77 +
> > >  libsepol/include/sepol/ibpkeys.h  |  44 +++
> > >  libsepol/include/sepol/sepol.h|   2 +
> > >  libsepol/src/ibpkey_internal.h|  21 ++
> > >  libsepol/src/ibpkey_record.c  | 448
> > > ++
> > >  libsepol/src/ibpkeys.c| 263
> > > +++
> > >  python/semanage/semanage  |  60 +++-
> > >  python/semanage/seobject.py   | 255
> > > +++
> > >  27 files changed, 2129 insertions(+), 16 deletions(-)
> > >  create mode 100644 libsemanage/include/semanage/ibpkey_record.h
> > >  create mode 100644 libsemanage/include/semanage/ibpkeys_local.h
> > >  create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h
> > >  create mode 100644 libsemanage/src/ibpkey_internal.h
> > >  create mode 100644 libsemanage/src/ibpkey_record.c
> > >  create mode 100644 libsemanage/src/ibpkeys_file.c
> > >  create mode 100644 libsemanage/src/ibpkeys_local.c
> > >  create mode 100644 libsemanage/src/ibpkeys_policy.c
> > >  create mode 100644 libsemanage/src/ibpkeys_policydb.c
> > >  create mode 100644 libsepol/include/sepol/ibpkey_record.h
> > >  create mode 100644 libsepol/include/sepol/ibpkeys.h
> > >  create mode 100644 libsepol/src/ibpkey_internal.h
> > >  create mode 100644 libsepol/src/ibpkey_record.c
> > >  create mode 100644 libsepol/src/ibpkeys.c
> > > 
> > > diff --git a/python/semanage/seobject.py
> > > b/python/semanage/seobject.py
> > > index 7a54373..41b0aca 100644
> > > --- a/python/semanage/seobject.py
> > > +++ b/python/semanage/seobject.py
> > > @@ -32,6 +32,7 @@ import socket
> > >  from semanage import *
> > >  PROGNAME = "policycoreutils"
> > >  import sepolicy
> > > +import setools
> > >  from IPy import IP
> > >  
> > >  try:
> > > @@ -1309,6 +1310,260 @@ class portRecords(semanageRecords):
> > >  rec += ", %s" % p
> > >  print(rec)
> > >  
> > > +class ibpkeyRecords(semanageRecords):
> > > +try:
> > > +q =
> > > setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_po
> > > licy
> > > ()), attrs=["ibpkey_type"])
> > > +valid_types = sorted(str(t) for t in q.results())
> > > +except RuntimeError:
> > > +valid_types = []
> > 
> > This causes all semanage commands to fail (without a patched
> > refpolicy
> > to define ibpkey_type).
> > 
> > Traceback (most recent call last):
> >   File "/usr/sbin/semanage", line 28, in 
> > import seobject
> >   File "/usr/lib64/python2.7/site-packages/seobject.py", line 1313,
> > in
> > 
> >  

Re: [PATCH v1 7/9] semanage: Update semanage to allow runtime labeling of Infiniband Pkeys

2017-05-16 Thread Daniel Jurgens
On 5/16/2017 2:30 PM, Stephen Smalley wrote:
> On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
>> From: Daniel Jurgens 
>>
>> Update libsepol and libsemanage to work with pkey records. Add local
>> storage for new and modified pkey records in pkeys.local. Update
>> semanage
>> to parse the pkey command options to add, modify, and delete pkeys.
>>
>> Signed-off-by: Daniel Jurgens 
>>
>> ---
>> v1:
>> Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete flow
>> in
>> seobject.py
>>
>> Stephen Smalley:
>> - Subnet prefix can't vary in size always 16 bytes, remove size
>> field.
>> - Removed extraneous change in libsepol/VERSION
>> - Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr.
>> - Got rid of magic constant for subnet prefix size.
>>
>> Jason Zaman:
>> - Use SETools directly to query types in seobject.py.
>>
>> Signed-off-by: Daniel Jurgens 
>> ---
>>  libsemanage/include/semanage/ibpkey_record.h  |  76 +
>>  libsemanage/include/semanage/ibpkeys_local.h  |  36 +++
>>  libsemanage/include/semanage/ibpkeys_policy.h |  28 ++
>>  libsemanage/include/semanage/semanage.h   |   3 +
>>  libsemanage/src/direct_api.c  |  29 +-
>>  libsemanage/src/handle.h  |  36 ++-
>>  libsemanage/src/ibpkey_internal.h |  52 +++
>>  libsemanage/src/ibpkey_record.c   | 185 +++
>>  libsemanage/src/ibpkeys_file.c| 181 +++
>>  libsemanage/src/ibpkeys_local.c   | 178 ++
>>  libsemanage/src/ibpkeys_policy.c  |  52 +++
>>  libsemanage/src/ibpkeys_policydb.c|  62 
>>  libsemanage/src/libsemanage.map   |   1 +
>>  libsemanage/src/policy_components.c   |   5 +-
>>  libsemanage/src/semanage_store.c  |   1 +
>>  libsemanage/src/semanage_store.h  |   1 +
>>  libsemanage/src/semanageswig.i|   3 +
>>  libsemanage/src/semanageswig_python.i |  43 +++
>>  libsemanage/utils/semanage_migrate_store  |   3 +-
>>  libsepol/include/sepol/ibpkey_record.h|  77 +
>>  libsepol/include/sepol/ibpkeys.h  |  44 +++
>>  libsepol/include/sepol/sepol.h|   2 +
>>  libsepol/src/ibpkey_internal.h|  21 ++
>>  libsepol/src/ibpkey_record.c  | 448
>> ++
>>  libsepol/src/ibpkeys.c| 263 +++
>>  python/semanage/semanage  |  60 +++-
>>  python/semanage/seobject.py   | 255 +++
>>  27 files changed, 2129 insertions(+), 16 deletions(-)
>>  create mode 100644 libsemanage/include/semanage/ibpkey_record.h
>>  create mode 100644 libsemanage/include/semanage/ibpkeys_local.h
>>  create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h
>>  create mode 100644 libsemanage/src/ibpkey_internal.h
>>  create mode 100644 libsemanage/src/ibpkey_record.c
>>  create mode 100644 libsemanage/src/ibpkeys_file.c
>>  create mode 100644 libsemanage/src/ibpkeys_local.c
>>  create mode 100644 libsemanage/src/ibpkeys_policy.c
>>  create mode 100644 libsemanage/src/ibpkeys_policydb.c
>>  create mode 100644 libsepol/include/sepol/ibpkey_record.h
>>  create mode 100644 libsepol/include/sepol/ibpkeys.h
>>  create mode 100644 libsepol/src/ibpkey_internal.h
>>  create mode 100644 libsepol/src/ibpkey_record.c
>>  create mode 100644 libsepol/src/ibpkeys.c
>>
>> diff --git a/python/semanage/seobject.py
>> b/python/semanage/seobject.py
>> index 7a54373..41b0aca 100644
>> --- a/python/semanage/seobject.py
>> +++ b/python/semanage/seobject.py
>> @@ -32,6 +32,7 @@ import socket
>>  from semanage import *
>>  PROGNAME = "policycoreutils"
>>  import sepolicy
>> +import setools
>>  from IPy import IP
>>  
>>  try:
>> @@ -1309,6 +1310,260 @@ class portRecords(semanageRecords):
>>  rec += ", %s" % p
>>  print(rec)
>>  
>> +class ibpkeyRecords(semanageRecords):
>> +try:
>> +q =
>> setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy
>> ()), attrs=["ibpkey_type"])
>> +valid_types = sorted(str(t) for t in q.results())
>> +except RuntimeError:
>> +valid_types = []
> This causes all semanage commands to fail (without a patched refpolicy
> to define ibpkey_type).
>
> Traceback (most recent call last):
>   File "/usr/sbin/semanage", line 28, in 
> import seobject
>   File "/usr/lib64/python2.7/site-packages/seobject.py", line 1313, in
> 
> class ibpkeyRecords(semanageRecords):
>   File "/usr/lib64/python2.7/site-packages/seobject.py", line 1315, in
> ibpkeyRecords
> q =
> setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy()
> ), attrs=["ibpkey_type"])
>   File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux-
> x86_64.egg/setools/typequery.py", line 72, in __init__
> super(TypeQuery, self).__init__(policy, 

Re: [PATCH v1 7/9] semanage: Update semanage to allow runtime labeling of Infiniband Pkeys

2017-05-16 Thread Stephen Smalley
On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
> From: Daniel Jurgens 
> 
> Update libsepol and libsemanage to work with pkey records. Add local
> storage for new and modified pkey records in pkeys.local. Update
> semanage
> to parse the pkey command options to add, modify, and delete pkeys.
> 
> Signed-off-by: Daniel Jurgens 
> 
> ---
> v1:
> Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete flow
> in
> seobject.py
> 
> Stephen Smalley:
> - Subnet prefix can't vary in size (it is always 16 bytes), so remove the
> size field.
> - Removed extraneous change in libsepol/VERSION
> - Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr.
> - Got rid of magic constant for subnet prefix size.
> 
> Jason Zaman:
> - Use SETools directly to query types in seobject.py.
> 
> Signed-off-by: Daniel Jurgens 
> ---
>  libsemanage/include/semanage/ibpkey_record.h  |  76 +
>  libsemanage/include/semanage/ibpkeys_local.h  |  36 +++
>  libsemanage/include/semanage/ibpkeys_policy.h |  28 ++
>  libsemanage/include/semanage/semanage.h   |   3 +
>  libsemanage/src/direct_api.c  |  29 +-
>  libsemanage/src/handle.h  |  36 ++-
>  libsemanage/src/ibpkey_internal.h |  52 +++
>  libsemanage/src/ibpkey_record.c   | 185 +++
>  libsemanage/src/ibpkeys_file.c| 181 +++
>  libsemanage/src/ibpkeys_local.c   | 178 ++
>  libsemanage/src/ibpkeys_policy.c  |  52 +++
>  libsemanage/src/ibpkeys_policydb.c|  62 
>  libsemanage/src/libsemanage.map   |   1 +
>  libsemanage/src/policy_components.c   |   5 +-
>  libsemanage/src/semanage_store.c  |   1 +
>  libsemanage/src/semanage_store.h  |   1 +
>  libsemanage/src/semanageswig.i|   3 +
>  libsemanage/src/semanageswig_python.i |  43 +++
>  libsemanage/utils/semanage_migrate_store  |   3 +-
>  libsepol/include/sepol/ibpkey_record.h|  77 +
>  libsepol/include/sepol/ibpkeys.h  |  44 +++
>  libsepol/include/sepol/sepol.h|   2 +
>  libsepol/src/ibpkey_internal.h|  21 ++
>  libsepol/src/ibpkey_record.c  | 448
> ++
>  libsepol/src/ibpkeys.c| 263 +++
>  python/semanage/semanage  |  60 +++-
>  python/semanage/seobject.py   | 255 +++
>  27 files changed, 2129 insertions(+), 16 deletions(-)
>  create mode 100644 libsemanage/include/semanage/ibpkey_record.h
>  create mode 100644 libsemanage/include/semanage/ibpkeys_local.h
>  create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h
>  create mode 100644 libsemanage/src/ibpkey_internal.h
>  create mode 100644 libsemanage/src/ibpkey_record.c
>  create mode 100644 libsemanage/src/ibpkeys_file.c
>  create mode 100644 libsemanage/src/ibpkeys_local.c
>  create mode 100644 libsemanage/src/ibpkeys_policy.c
>  create mode 100644 libsemanage/src/ibpkeys_policydb.c
>  create mode 100644 libsepol/include/sepol/ibpkey_record.h
>  create mode 100644 libsepol/include/sepol/ibpkeys.h
>  create mode 100644 libsepol/src/ibpkey_internal.h
>  create mode 100644 libsepol/src/ibpkey_record.c
>  create mode 100644 libsepol/src/ibpkeys.c
> 
> diff --git a/python/semanage/seobject.py
> b/python/semanage/seobject.py
> index 7a54373..41b0aca 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -32,6 +32,7 @@ import socket
>  from semanage import *
>  PROGNAME = "policycoreutils"
>  import sepolicy
> +import setools
>  from IPy import IP
>  
>  try:
> @@ -1309,6 +1310,260 @@ class portRecords(semanageRecords):
>  rec += ", %s" % p
>  print(rec)
>  
> +class ibpkeyRecords(semanageRecords):
> +try:
> +q =
> setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy
> ()), attrs=["ibpkey_type"])
> +valid_types = sorted(str(t) for t in q.results())
> +except RuntimeError:
> +valid_types = []

This causes all semanage commands to fail when the installed policy does
not define the ibpkey_type attribute (i.e. without a patched refpolicy).

Traceback (most recent call last):
  File "/usr/sbin/semanage", line 28, in 
import seobject
  File "/usr/lib64/python2.7/site-packages/seobject.py", line 1313, in

class ibpkeyRecords(semanageRecords):
  File "/usr/lib64/python2.7/site-packages/seobject.py", line 1315, in
ibpkeyRecords
q =
setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy()
), attrs=["ibpkey_type"])
  File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux-
x86_64.egg/setools/typequery.py", line 72, in __init__
super(TypeQuery, self).__init__(policy, **kwargs)
  File "/usr/lib64/python2.7/site-packages/setools-4.0.1-py2.7-linux-
x86_64.egg/setools/query.py", line 39, in __init__
setattr(self, name, kwargs[name])
  File 

Re: [PATCH v1 7/9] semanage: Update semanage to allow runtime labeling of Infiniband Pkeys

2017-05-16 Thread Stephen Smalley
On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote:
> From: Daniel Jurgens 
> 
> Update libsepol and libsemanage to work with pkey records. Add local
> storage for new and modified pkey records in pkeys.local. Update
> semanage
> to parse the pkey command options to add, modify, and delete pkeys.
> 
> Signed-off-by: Daniel Jurgens 
> 
> ---
> v1:
> Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete flow
> in
> seobject.py
> 
> Stephen Smalley:
> - Subnet prefix can't vary in size always 16 bytes, remove size
> field.
> - Removed extraneous change in libsepol/VERSION
> - Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr.
> - Got rid of magic constant for subnet prefix size.
> 
> Jason Zaman:
> - Use SETools directly to query types in seobject.py.
> 
> Signed-off-by: Daniel Jurgens 
> ---
>  libsemanage/include/semanage/ibpkey_record.h  |  76 +
>  libsemanage/include/semanage/ibpkeys_local.h  |  36 +++
>  libsemanage/include/semanage/ibpkeys_policy.h |  28 ++
>  libsemanage/include/semanage/semanage.h   |   3 +
>  libsemanage/src/direct_api.c  |  29 +-
>  libsemanage/src/handle.h  |  36 ++-
>  libsemanage/src/ibpkey_internal.h |  52 +++
>  libsemanage/src/ibpkey_record.c   | 185 +++
>  libsemanage/src/ibpkeys_file.c| 181 +++
>  libsemanage/src/ibpkeys_local.c   | 178 ++
>  libsemanage/src/ibpkeys_policy.c  |  52 +++
>  libsemanage/src/ibpkeys_policydb.c|  62 
>  libsemanage/src/libsemanage.map   |   1 +
>  libsemanage/src/policy_components.c   |   5 +-
>  libsemanage/src/semanage_store.c  |   1 +
>  libsemanage/src/semanage_store.h  |   1 +
>  libsemanage/src/semanageswig.i|   3 +
>  libsemanage/src/semanageswig_python.i |  43 +++
>  libsemanage/utils/semanage_migrate_store  |   3 +-
>  libsepol/include/sepol/ibpkey_record.h|  77 +
>  libsepol/include/sepol/ibpkeys.h  |  44 +++
>  libsepol/include/sepol/sepol.h|   2 +
>  libsepol/src/ibpkey_internal.h|  21 ++
>  libsepol/src/ibpkey_record.c  | 448
> ++
>  libsepol/src/ibpkeys.c| 263 +++
>  python/semanage/semanage  |  60 +++-
>  python/semanage/seobject.py   | 255 +++
>  27 files changed, 2129 insertions(+), 16 deletions(-)
>  create mode 100644 libsemanage/include/semanage/ibpkey_record.h
>  create mode 100644 libsemanage/include/semanage/ibpkeys_local.h
>  create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h
>  create mode 100644 libsemanage/src/ibpkey_internal.h
>  create mode 100644 libsemanage/src/ibpkey_record.c
>  create mode 100644 libsemanage/src/ibpkeys_file.c
>  create mode 100644 libsemanage/src/ibpkeys_local.c
>  create mode 100644 libsemanage/src/ibpkeys_policy.c
>  create mode 100644 libsemanage/src/ibpkeys_policydb.c
>  create mode 100644 libsepol/include/sepol/ibpkey_record.h
>  create mode 100644 libsepol/include/sepol/ibpkeys.h
>  create mode 100644 libsepol/src/ibpkey_internal.h
>  create mode 100644 libsepol/src/ibpkey_record.c
>  create mode 100644 libsepol/src/ibpkeys.c
> 
> diff --git a/libsemanage/include/semanage/ibpkey_record.h
> b/libsemanage/include/semanage/ibpkey_record.h
> new file mode 100644
> index 000..d76aaae
> --- /dev/null
> +++ b/libsemanage/include/semanage/ibpkey_record.h
> @@ -0,0 +1,76 @@
> +/* Copyright (C) 2017 Mellanox Technologies Inc */
> +
> +#ifndef _SEMANAGE_IBPKEY_RECORD_H_
> +#define _SEMANAGE_IBPKEY_RECORD_H_
> +
> +#include 
> +#include 
> +#include 
> +
> +#ifndef _SEMANAGE_IBPKEY_DEFINED_
> +struct semanage_ibpkey;
> +struct semanage_ibpkey_key;
> +typedef struct semanage_ibpkey semanage_ibpkey_t;
> +typedef struct semanage_ibpkey_key semanage_ibpkey_key_t;
> +#define _SEMANAGE_IBPKEY_DEFINED_
> +#endif
> +
> +#define INET6_ADDRLEN 16

We shouldn't expose this in a public header; it's an implementation
detail.  Likely could/should define it as sizeof(struct in6_addr) to
ensure consistency?

> diff --git a/libsepol/include/sepol/ibpkey_record.h
> b/libsepol/include/sepol/ibpkey_record.h
> new file mode 100644
> index 000..fff4591
> --- /dev/null
> +++ b/libsepol/include/sepol/ibpkey_record.h
> @@ -0,0 +1,77 @@
> +#ifndef _SEPOL_IBPKEY_RECORD_H_
> +#define _SEPOL_IBPKEY_RECORD_H_
> +
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +#define INET6_ADDRLEN 16

Ditto

> diff --git a/libsepol/src/ibpkey_record.c
> b/libsepol/src/ibpkey_record.c
> new file mode 100644
> index 000..4eed083
> --- /dev/null
> +++ b/libsepol/src/ibpkey_record.c
> @@ -0,0 +1,448 @@
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +#include "ibpkey_internal.h"
> +#include