Re: [PATCH v2 0/9] SELinux support for Infiniband RDMA

2016-07-22 Thread Paul Moore 
On Thu, Jul 14, 2016 at 6:56 PM, Dan Jurgens  wrote:
> From: Daniel Jurgens 
>
> The selinux next tree is missing some patches for IB/core.  This series
> applies cleanly to ib-next, and should apply cleanly to selinux-next once
> the IB patches are merged.

Hi Dan,

Thanks for the updated patchset, I'm taking a look at it today.  I do
have one question, related but independent to your patches: is there a
way to test the LSM controlled portions of the Infiniband stack
without any IB hardware (e.g. is there an IB "loopback" device)?  I'm
asking because we are really trying to make sure we have tests for any
new code/functionality we add to SELinux, and requiring IB hardware to
test the IB access controls would make this difficult.

* https://github.com/SELinuxProject/selinux-testsuite

-Paul

-- 
paul moore
www.paul-moore.com
___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Re: [PATCH v2 0/9] SELinux support for Infiniband RDMA

2016-07-22 Thread Daniel Jurgens 
On 7/22/2016 10:46 AM, Paul Moore wrote:
> On Thu, Jul 14, 2016 at 6:56 PM, Dan Jurgens  wrote:
>> From: Daniel Jurgens 
>>
>> The selinux next tree is missing some patches for IB/core.  This series
>> applies cleanly to ib-next, and should apply cleanly to selinux-next once
>> the IB patches are merged.
> Hi Dan,
>
> Thanks for the updated patchset, I'm taking a look at it today.  I do
> have one question, related but independent to your patches: is there a
> way to test the LSM controlled portions of the Infiniband stack
> without any IB hardware (e.g. is there an IB "loopback" device)?  I'm
> asking because we are really trying to make sure we have tests for any
> new code/functionality we add to SELinux, and requiring IB hardware to
> test the IB access controls would make this difficult.
>
> * https://github.com/SELinuxProject/selinux-testsuite
>
> -Paul
>
I found this: https://github.com/nminoru/pib but haven't used it.  I'll try 
playing with it and see if it can serve this purpose.



___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.