From: Daniel Jurgens
Update the main man page and add specific pages for ibpkeys and
ibendports.
Signed-off-by: Daniel Jurgens
---
python/semanage/semanage-ibendport.8 | 66
python/semanage/semanage-ibpkey.8| 66
pyt
From: Daniel Jurgens
Add IB end port parsing, symbol table management, and policy generation
to CIL.
Signed-off-by: Daniel Jurgens
---
v1:
James Carter:
- Add cil_resolve_ibendportcon prototype in cil_resolve_ast.h
Signed-off-by: Daniel Jurgens
---
libsepol/cil/src/cil.c | 18 ++
From: Daniel Jurgens
Add checkpolicy support for scanning and parsing ibendportcon labels.
Also create a new ocontext for IB end ports.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
- Check IB device name length when parsing policy.
- Use strcmp vs strncmp to compare device names.
Si
On Tue, 2017-05-16 at 03:22 +0900, Sebastien Buisson wrote:
> Add policybrief field to struct policydb. It holds a brief info
> of the policydb, made of colon separated name and value pairs
> that give information about how the policy is applied in the
> security module(s).
> Note that the ordering
From: Daniel Jurgens
Update libsepol and libsemanage to work with ibendport records. Add local
storage for new and modified ibendport records in ibendports.local.
Update semanage to parse the ibendport command options to add, modify,
and delete them.
Signed-off-by: Daniel Jurgens
---
v1:
Jason
From: Daniel Jurgens
Update libsepol and libsemanage to work with pkey records. Add local
storage for new and modified pkey records in pkeys.local. Update semanage
to parse the pkey command options to add, modify, and delete pkeys.
Signed-off-by: Daniel Jurgens
---
v1:
Fixed semanage_pkey_exis
From: Daniel Jurgens
Add Infiniband pkey parsing, symbol table management, and policy
generation to CIL.
Signed-off-by: Daniel Jurgens
---
libsepol/cil/src/cil.c | 19 +
libsepol/cil/src/cil_binary.c | 39 +
libsepol/cil/src/cil_binary.h | 12 +
From: Daniel Jurgens
Add checkpolicy support for scanning and parsing ibpkeycon labels. Also
create a new ocontext for Infiniband Pkeys and define a new policydb
version for infiniband support.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
- Always use s6_addr instead of s6_addr32.
-
From: Daniel Jurgens
Infiniband applications access HW from user-space -- traffic is generated
directly by HW, bypassing the kernel. Consequently, Infiniband Partitions,
which are associated directly with HW transport endpoints, are a natural
choice for enforcing granular mandatory access control
From: Daniel Jurgens
Add support for reading, writing, and copying IB end port ocontext data.
Also add support for querying a IB end port sid to checkpolicy.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
- Removed unused domain and type params from sepol_ibendport_sid.
- Remove ibendp
From: Daniel Jurgens
Add support for reading, writing, and copying Infinabinda Pkey ocontext
data. Also add support for querying a Pkey sid to checkpolicy.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
- Removed domain and type params from sepol_ibpkey_sid.
- Removed splen param from
On Fri, 2017-05-12 at 22:13 +0200, Nicolas Iooss wrote:
> selabel_subs_init() returned without closing cfg when a call to
> fstat()
> failed. Fix this.
>
> Signed-off-by: Nicolas Iooss
Thanks, applied both patches.
> ---
> libselinux/src/label.c | 2 +-
> 1 file changed, 1 insertion(+), 1 dele
Add policybrief field to struct policydb. It holds a brief info
of the policydb, made of colon separated name and value pairs
that give information about how the policy is applied in the
security module(s).
Note that the ordering of the fields in the string may change.
Policy brief is computed eve
Expose policy brief via selinuxfs.
Signed-off-by: Sebastien Buisson
---
security/selinux/selinuxfs.c | 26 ++
1 file changed, 26 insertions(+)
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index e8fe914..2561f96 100644
--- a/security/selinux/se
Presently we support xperms rules in source policy and in CIL modules.
The binary policy module format however was never extended for xperms.
This limitation inhibits use of xperms in refpolicy-based policy modules
(including the selinux-testsuite policy). Update libsepol to support
linking, readi
On Fri, 2017-05-12 at 15:02 -0700, William Roberts wrote:
>
>
> On Fri, May 12, 2017 at 1:26 PM, Nicolas Iooss > wrote:
> > Hi,
> >
> > Currently libselinux/src/label.c defines selabel_subs_init() like
> > this [1]:
> >
> > struct selabel_sub *selabel_subs_init(/* ... */)
> > {
> >
16 matches
Mail list logo