On Tue, Aug 30, 2016 at 3:46 AM, Leon Romanovsky <leon@xxxxxxxxxx> wrote: > On Mon, Aug 29, 2016 at 08:00:32PM -0400, Paul Moore wrote: >> On Mon, Aug 29, 2016 at 5:48 PM, Daniel Jurgens <danielj@xxxxxxxxxxxx> wrote: >> > On 8/29/2016 4:40 PM, Paul Moore wrote: >> >> On Fri, Jul 29, 2016 at 9:53 AM, Dan Jurgens <danielj@xxxxxxxxxxxx> wrote: >> >>> From: Daniel Jurgens <danielj@xxxxxxxxxxxx> >> >> ... >> >> >> >>> Daniel Jurgens (9): >> >>> IB/core: IB cache enhancements to support Infiniband security >> >>> IB/core: Enforce PKey security on QPs >> >>> selinux lsm IB/core: Implement LSM notification system >> >>> IB/core: Enforce security on management datagrams >> >>> selinux: Create policydb version for Infiniband support >> >>> selinux: Allocate and free infiniband security hooks >> >>> selinux: Implement Infiniband PKey "Access" access vector >> >>> selinux: Add IB Port SMP access vector >> >>> selinux: Add a cache for quicker retreival of PKey SIDs >> >> Hi Daniel, >> >> >> >> My apologies for such a long delay in responding to this latest >> >> patchset; conferences, travel, and vacation have made for a very busy >> >> August. After you posted the v2 patchset we had an off-list >> >> discussion regarding testing the SELinux/IB integration; unfortunately >> >> we realized that IB hardware would be needed to test this (no IB >> >> loopback device), but we agreed that having tests would be beneficial. >> >> >> >> Have you done any work yet towards adding SELinux/IB tests to the >> >> selinux-testsuite project? >> >> >> >> * https://github.com/SELinuxProject/selinux-testsuite >> > >> > Hi Paul, I've not started doing that yet. I've been waiting for feedback of any kind from the RDMA list. I thought the test updates would be more appropriate around the time I'm submitting the changes to the user space utilities to allow labeling the new types. >> >> Okay, no problem. I just want the tests in place and functional when >> we merge the kernel code. > > Hi Paul, > > IMHO, you can use Soft RoCE (RXE) [1] for it. > > ---- > Soft RoCE (RXE) - The software RoCE driver > > ib_rxe implements the RDMA transport and registers to the RDMA core > device as a kernel verbs provider. It also implements the packet IO > layer. On the other hand ib_rxe registers to the Linux netdev stack > as a udp encapsulating protocol, in that case RDMA, for sending and > receiving packets over any Ethernet device. This yields a RDMA > transport over the UDP/Ethernet network layer forming a RoCEv2 > compatible device. > > The configuration procedure of the Soft RoCE drivers requires > binding to any existing Ethernet network device. This is done with > /sys interface. > ---- > > [1] > https://git.kernel.org/cgit/linux/kernel/git/dledford/rdma.git/tree/drivers/infiniband/sw/rxe Hi Leon, It looks like v4.8 will have all the necessary pieces for this, yes? Is there any documentation on this other than the git log? Keep in mind I'm looking at this from the SELinux side, I'm very Infiniband ignorant at the moment; although Daniel has been very patient in walking me through some of the basics. Daniel, does this look like something we might be able to use? -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.