Re: ioctl help

2017-05-24 Thread Dominick Grift
On Wed, May 24, 2017 at 04:11:44PM -0400, Stephen Smalley wrote: > On Wed, 2017-05-24 at 14:08 +0200, Dominick Grift wrote: > > I was looking again at ioctl whitelisting, and excuse me if I > > overlooked some documentation, but I am having a hard time > > implementing this. > > what I did was I

Re: Fedora COPR repositories with builds of latest code

2017-05-24 Thread Dominick Grift
On Wed, May 24, 2017 at 04:40:55PM -0400, Stephen Smalley wrote: > On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote: > > On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote: > > > On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote: > > > > For the motivation see > > >

Re: [PATCH v3 9/9] semanage: Update man pages for infiniband

2017-05-24 Thread Stephen Smalley
On Mon, 2017-05-22 at 16:08 +0300, Dan Jurgens wrote: > From: Daniel Jurgens > > Update the main man page and add specific pages for ibpkeys and > ibendports. Thanks, applied all nine. I did notice that you left Dan Walsh as the author of the man pages you added though;

Re: Fedora COPR repositories with builds of latest code

2017-05-24 Thread Stephen Smalley
On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote: > On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote: > > On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote: > > > For the motivation see > > > https://marc.info/?l=selinux=149435307518336=2 > > > > Thanks! I

Re: ioctl help

2017-05-24 Thread Stephen Smalley
On Wed, 2017-05-24 at 14:08 +0200, Dominick Grift wrote: > I was looking again at ioctl whitelisting, and excuse me if I > overlooked some documentation, but I am having a hard time > implementing this. > what I did was I just wanted to basically test blacklisting a single > ioctl (no particular

Re: Fedora COPR repositories with builds of latest code

2017-05-24 Thread Dominick Grift
On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote: > On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote: > > For the motivation see > > https://marc.info/?l=selinux=149435307518336=2 > > Thanks! I enabled the one with Fedora patches because i need python3 support > for

Re: Fedora COPR repositories with builds of latest code

2017-05-24 Thread Paul Moore
On Wed, May 24, 2017 at 10:22 AM, Petr Lautrbach wrote: > For the motivation see > https://marc.info/?l=selinux=149435307518336=2 > > I've restarted building of Fedora packages based on latest SELinux userspace > code in Fedora COPR. Packages are built using the >

Re: Fedora COPR repositories with builds of latest code

2017-05-24 Thread Dominick Grift
On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach wrote: > For the motivation see > https://marc.info/?l=selinux=149435307518336=2 Thanks! I enabled the one with Fedora patches because i need python3 support for setools4 This should allow me to enable extended_socket_class functionality

Fedora COPR repositories with builds of latest code

2017-05-24 Thread Petr Lautrbach
For the motivation see https://marc.info/?l=selinux=149435307518336=2 I've restarted building of Fedora packages based on latest SELinux userspace code in Fedora COPR. Packages are built using the https://gitlab.com/bachradsusi/selinux-rpm project. There is a new selinux.spec [1] file which

[PATCH v1 2/2] selinux-testsuite: Infiniband endport tests

2017-05-24 Thread Dan Jurgens
From: Daniel Jurgens New tests for Infiniband endports. Most users do not have infiniband hardware, and if they do the device names can vary. There is a configuration file for enabling the tests and setting environment specific configurations. If the tests are disabled

[PATCH v1 1/2] selinux-testsuite: Infiniband pkey tests

2017-05-24 Thread Dan Jurgens
From: Daniel Jurgens New tests for infiniband pkeys. Most users don't have Infiniband hardware, and if they do the pkey configuration is not standardized. There is a configuration file for enabling the test and setting environment specific test configurations. If the tests

[PATCH v1 0/2] Selinux tests for Infinfiband

2017-05-24 Thread Dan Jurgens
From: Daniel Jurgens Implements new tests for Infiniband pkeys and endports. Because infiniband isn't widely used, and when it is the configuration is site specific, configuration files are used to enable the tests and set environment specific settings. When the tests are

ioctl help

2017-05-24 Thread Dominick Grift
I was looking again at ioctl whitelisting, and excuse me if I overlooked some documentation, but I am having a hard time implementing this. what I did was I just wanted to basically test blacklisting a single ioctl (no particular one) So i looked into androids sepolicy and just picked a