[PATCH v8 2/9] IB/core: Enforce PKey security on QPs

2017-05-23 Thread Dan Jurgens
From: Daniel Jurgens

Add new LSM hooks to allocate and free security contexts and check for permission to access a PKey.

Allocate and free a security context when creating and destroying a QP. This context is used for controlling access to PKeys. When a request is made to modify a QP that chang

Re: [PATCH v7 0/9] SELinux support for Infiniband RDMA

2017-05-23 Thread Paul Moore
On Sun, May 21, 2017 at 8:35 PM, James Morris wrote:
> On Fri, 19 May 2017, Dan Jurgens wrote:
>
>> From: Daniel Jurgens
>
> What kind of testing has this code had? It's relatively complex and as a
> security feature, it especially needs to be well-tested.

Check the relevant threads on the SELi

Re: [PATCH v7 2/9] IB/core: Enforce PKey security on QPs

2017-05-23 Thread Paul Moore
On Mon, May 22, 2017 at 6:42 AM, Daniel Jurgens wrote:
> On 5/21/2017 7:13 PM, James Morris wrote:
>> On Fri, 19 May 2017, Dan Jurgens wrote:
>>
>>> security/security.c | 385 ++
>> This looks wrong -- merge problem?
>
> Yes, it was a merge problem. I added bac

Re: [PATCH v6 1/2] selinux: add brief info to policydb

2017-05-23 Thread Sebastien Buisson
Hi,

2017-05-18 23:49 GMT+02:00 Paul Moore :
> My apologies to you and Sebastien for not reviewing these patches sooner.

It is ok, no problem.
Thanks for all the advice from you and Stephen. I will try to take all this into account. As I understand it, I should not give the choice to allocate or

Re: [PATCH v8 2/9] IB/core: Enforce PKey security on QPs

2017-05-23 Thread Paul Moore
On Tue, May 23, 2017 at 6:57 AM, Dan Jurgens wrote:
> From: Daniel Jurgens
>
> Add new LSM hooks to allocate and free security contexts and check for
> permission to access a PKey.
>
> Allocate and free a security context when creating and destroying a QP.
> This context is used for controlling a

Fwd: security-next merged to v4.12-rc2

2017-05-23 Thread Paul Moore
FYI: I've rebased selinux/next on top of the latest linux-security/next branch.

-- Forwarded message --
From: James Morris
Date: Mon, May 22, 2017 at 3:40 AM
Subject: security-next merged to v4.12-rc2
To: linux-security-mod...@vger.kernel.org

FYI, for subsystem developers.
--

Re: [PATCH v6 1/2] selinux: add brief info to policydb

2017-05-23 Thread Paul Moore
On Tue, May 23, 2017 at 12:29 PM, Sebastien Buisson wrote:
> Hi,

Hello.

> 2017-05-18 23:49 GMT+02:00 Paul Moore :
>> My apologies to you and Sebastien for not reviewing these patches sooner.
>
> It is ok, no problem.
> Thanks for all the advice from you and Stephen. I will try to take all
> this

Re: [PATCH v6 1/2] selinux: add brief info to policydb

2017-05-23 Thread Stephen Smalley
On Tue, 2017-05-23 at 18:29 +0200, Sebastien Buisson wrote:
> Hi,
>
> 2017-05-18 23:49 GMT+02:00 Paul Moore :
> > My apologies to you and Sebastien for not reviewing these patches
> > sooner.
>
> It is ok, no problem.
> Thanks for all the advice from you and Stephen. I will try to take
> all
> th

Re: [PATCH 2/2] libsepol: use the number of elements in calloc first argument

2017-05-23 Thread Stephen Smalley
On Sat, 2017-05-20 at 12:11 +0200, Nicolas Iooss wrote:
> When allocating an array with calloc(), the first argument usually is
> the number of items and the second one the size of an item. Doing so
> silences a warning reported by clang's static analyzer:
>
> kernel_to_cil.c:2050:14: warning: