On Fri, Mar 3, 2023 at 4:12 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > On Fri, Mar 3, 2023 at 3:08 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > > > Add missing policy rule needed on systems with strict resource limits, > > add another missing rule to reduce AVC noise, and simplify how IB tests > > are activated. > > > > Tested on an aarch64 machine with an IB device and RHEL-8.7 installed. > > > > v2: add comments explaining the newly added policy rules > > > > Ondrej Mosnacek (3): > > policy: make sure test_ibpkey_access_t can lock enough memory > > policy: allow test_ibpkey_access_t to use RDMA netlink sockets > > tests/infiniband*: simplify test activation > > > > Vagrantfile | 1 + > > policy/test_ibpkey.te | 8 +++++++ > > tests/Makefile | 11 ++------- > > tests/infiniband_endport/test | 39 ++++++++++++++++++------------- > > tests/infiniband_pkey/test | 44 ++++++++++++++++++++--------------- > > 5 files changed, 59 insertions(+), 44 deletions(-) > > > > -- > > 2.39.2 > > > > Forgot to add v2 into the subject... Please imagine it's there :) The v2 is now applied. -- Ondrej Mosnacek Senior Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.
