Re: [PATCH testsuite 2/3] policy: allow test_ibpkey_access_t to use RDMA netlink sockets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Mar 1, 2023 at 10:25 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> On Tue, Feb 28, 2023 at 6:01 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > On Tue, Feb 28, 2023 at 9:13 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> > >
> > > ibv_get_device_list(3) first tries to get the device list via netlink
> > > and if that fails it falls back to getting it from sysfs. Currently the
> > > policy denies getting it from netlink, generating some denials. Allow
> > > test_ibpkey_access_t the necessary permissions so it can do it the
> > > preferred way and doesn't generate audit AVC noise.
> > >
> > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> > > ---
> > >  policy/test_ibpkey.te | 1 +
> > >  1 file changed, 1 insertion(+)
> >
> > Similar to the other policy issue, it seems like this is a general
> > problem and not specifically a selinux-testsuite issue, right?  If
> > that is the case should we fix this in refpol?  I think it's okay to
> > put a temporary fix in the test suite, but we should also push to fix
> > this in refpol.
>
> Basically the same as I said in the first paragraph of my reply under
> patch 1 applies here, just in this case we are talking about users of
> ibv_get_device_list(3) instead of ibv_create_cq(3).

Yeah, let's just tackle this in the other thread, at this point it's a
bit silly to duplicate the discussion.

-- 
paul-moore.com




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux