Add a TOC to aid navigation and convert to markdown. Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx> --- src/infiniband_statements.md | 155 ++++++++++++++--------------------- 1 file changed, 61 insertions(+), 94 deletions(-) diff --git a/src/infiniband_statements.md b/src/infiniband_statements.md index 492bdb6..943cee6 100644 --- a/src/infiniband_statements.md +++ b/src/infiniband_statements.md @@ -1,5 +1,8 @@ # InfiniBand Labeling Statements +- [*ibpkeycon*](#ibpkeycon) +- [*ibendportcon*](#ibendportcon) + To support access control for InfiniBand (IB) partitions and subnet management, security contexts are provided for: Partition Keys (Pkey) that are 16 bit numbers assigned to subnets and their IB end ports. An @@ -13,7 +16,7 @@ Note that there are no terminating semi-colons ';' on these statements. The *ibpkeycon* statement is used to label IB partition keys. It is also possible to add a security context to partition keys outside -the policy using the ***semanage ibpkey*** command that will associate the +the policy using the *semanage ibpkey* command that will associate the *pkey* (or range of pkeys) to a security context. **The statement definition is:** @@ -24,53 +27,35 @@ ibpkeycon subnet pkey pkey_context **Where:** -<table> -<tbody> -<tr> -<td><code>ibpkeycon</code></td> -<td>The <code>ibpkeycon</code> keyword.</td> -</tr> -<tr> -<td><code>subnet</code></td> -<td>IP address in IPv6 format.</td> -</tr> -<tr> -<td><code>pkey</code></td> -<td>Partition key number or range. The range is separated by a hyphen '-'.</td> -</tr> -<tr> -<td><code>pkey_context</code></td> -<td>The security context for the pkey(s).</td> -</tr> -</tbody> -</table> +*ibpkeycon* + +The *ibpkeycon* keyword. + +*subnet* + +IP address in IPv6 format. + +*pkey* + +Partition key number or range. The range is separated by a hyphen \'\-\'. + +*pkey_context* + +The security context for the pkey(s). **The statement is valid in:** -<table style="text-align:center"> -<tbody> -<tr style="background-color:#D3D3D3;"> -<td><strong>Monolithic Policy</strong></td> -<td><strong>Base Policy</strong></td> -<td><strong>Module Policy</strong></td> -</tr> -<tr> -<td>Yes</td> -<td>Yes</td> -<td>Yes</td> -</tr> -<tr style="background-color:#D3D3D3;"> -<td><strong>Conditional Policy <code>if</code> Statement</strong></td> -<td><strong><code>optional</code> Statement</strong></td> -<td><strong><code>require</code> Statement</strong></td> -</tr> -<tr> -<td>No</td> -<td>No</td> -<td>No</td> -</tr> -</tbody> -</table> +Policy Type + +| Monolithic Policy | Base Policy | Module Policy | +| ----------------------- | ----------------------- | ----------------------- | +| Yes | Yes | Yes | + +Conditional Policy Statements + +| *if* Statement | *optional* Statement | *require* Statement | +| ----------------------- | ----------------------- | ----------------------- | +| No | No | No | **Examples:** @@ -86,8 +71,8 @@ semanage ibpkey -a -t default_ibpkey_t -x fe80:: 0xFFFF ``` The above command will produce the following file: -*/var/lib/selinux/<SELINUXTYPE>/active/ibpkeys.local* -in the default *<SELINUXTYPE>* policy store and then activate the policy: +*/var/lib/selinux/\<SELINUXTYPE\>/active/ibpkeys.local* +in the default *\<SELINUXTYPE\>* policy store and then activate the policy: ``` # This file is auto-generated by libsemanage @@ -101,7 +86,7 @@ ibpkeycon fe80:: 0xFFFF system_u:object_r:default_ibpkey_t:s0 The *ibendportcon* statement is used to label IB end ports. It is also possible to add a security context to ports outside the -policy using the 'semanage ibendport' command that will associate the +policy using the *semanage ibendport* command that will associate the end port to a security context. **The statement definition is:** @@ -112,53 +97,35 @@ ibendportcon device_id port_number port_context **Where:** -<table> -<tbody> -<tr> -<td><code>ibendportcon</code></td> -<td>The <code>ibendportcon</code> keyword.</td> -</tr> -<tr> -<td><code>device_id</code></td> -<td>Device name</td> -</tr> -<tr> -<td><code>port_number</code></td> -<td>Single port number.</td> -</tr> -<tr> -<td><code>port_context</code></td> -<td>The security context for the port.</td> -</tr> -</tbody> -</table> +*ibendportcon* + +The *ibendportcon* keyword. + +*device_id* + +Device name + +*port_number* + +Single port number. + +*port_context* + +The security context for the port. **The statement is valid in:** -<table style="text-align:center"> -<tbody> -<tr style="background-color:#D3D3D3;"> -<td><strong>Monolithic Policy</strong></td> -<td><strong>Base Policy</strong></td> -<td><strong>Module Policy</strong></td> -</tr> -<tr> -<td>Yes</td> -<td>Yes</td> -<td>Yes</td> -</tr> -<tr style="background-color:#D3D3D3;"> -<td><strong>Conditional Policy <code>if</code> Statement</strong></td> -<td><strong><code>optional</code> Statement</strong></td> -<td><strong><code>require</code> Statement</strong></td> -</tr> -<tr> -<td>No</td> -<td>No</td> -<td>No</td> -</tr> -</tbody> -</table> +Policy Type + +| Monolithic Policy | Base Policy | Module Policy | +| ----------------------- | ----------------------- | ----------------------- | +| Yes | Yes | Yes | + +Conditional Policy Statements + +| *if* Statement | *optional* Statement | *require* Statement | +| ----------------------- | ----------------------- | ----------------------- | +| No | No | No | **Examples:** @@ -174,8 +141,8 @@ semanage ibendport -a -t opensm_ibendport_t -z mlx4_0 2 ``` This command will produce the following file -*/var/lib/selinux/<SELINUXTYPE>/active/ibendports.local* in the default -*<SELINUXTYPE>* policy store and then activate the policy: +*/var/lib/selinux/\<SELINUXTYPE\>/active/ibendports.local* in the default +*\<SELINUXTYPE\>* policy store and then activate the policy: ``` # This file is auto-generated by libsemanage -- 2.26.2
