On Thu, Jun 23, 2016 at 3:52 PM, Dan Jurgens <danielj@xxxxxxxxxxxx> wrote:
> From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
>
> Add nine new hooks
> 1. Allocate security contexts for Infiniband QPs.
> 2. Free security contexts for Infiniband QPs.
> 3. Allocate security contexts for Infiniband MAD agents.
> 4. Free security contexts for Infiniband MAD agents.
> 5. Enforce QP access to Pkeys
> 6. Enforce MAD agent access to Pkeys
> 7. Enforce MAD agent access to Infiniband End Ports for sending Subnet
> Management Packets (SMP)
> 8. A hook to register a callback to receive notifications of
> security policy or enforcement changes. Restricting a QPs access to
> a pkey will be done during setup and not on a per packet basis
> access must be enforced again.
> 9. A hook to unregister the callback.
>
> Signed-off-by: Daniel Jurgens <danielj@xxxxxxxxxxxx>
> Reviewed-by: Eli Cohen <eli@xxxxxxxxxxxx>
> ---
> include/linux/lsm_hooks.h | 71 ++++++++++++++++++++++++++++++++++++++++
> include/linux/security.h | 63 +++++++++++++++++++++++++++++++++++
> include/rdma/ib_verbs.h | 4 +++
> security/Kconfig | 9 +++++
> security/security.c | 83 +++++++++++++++++++++++++++++++++++++++++++++++
> 5 files changed, 230 insertions(+)
...
> diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h
> index 432bed5..3f6780b 100644
> --- a/include/rdma/ib_verbs.h
> +++ b/include/rdma/ib_verbs.h
> @@ -1428,6 +1428,10 @@ struct ib_srq {
> } ext;
> };
>
> +struct ib_qp_security {
> + void *q_security;
> +};
Sorry, I missed this earlier and didn't realize it until I was going
through 4/12 ... why both with ib_qp_security? Why not just use a
straight void pointer?
--
paul moore
security @ redhat
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
