> On May 3, 2017, at 3:47 PM, Arnold, Paul C CTR USARMY PEO STRI (US)
> wrote:
>
>> On 05/03/2017 03:32 PM, Stephen Smalley wrote:
>>> On Wed, 2017-05-03 at 15:14 -0400, Stephen Smalley wrote:
>>> On Wed, 2017-05-03 at 13:36 -0400, Arnold, Paul C CTR USARMY PEO STRI
>>> (US) wrote:
I have
On 5/10/2017 1:56 PM, Stephen Smalley wrote:
> On Tue, 2017-05-09 at 23:50 +0300, Dan Jurgens wrote:
>> From: Daniel Jurgens
>> } ibendport;
> These were pkey and ib_endport in the kernel patch, and port was
> port_num. Either way is fine but they probably ought to be consistent.
Yes, I rec
On 5/10/2017 1:51 PM, Stephen Smalley wrote:
> On Tue, 2017-05-09 at 23:50 +0300, Dan Jurgens wrote:
>> From: Daniel Jurgens
>>
>> Add support for reading, writing, and copying Infinabinda Pkey
> s/Infinabinda/Infiniband/
Done
>
>> --- a/libsepol/include/sepol/policydb/services.h
>> +++ b/libsepo
On 5/10/2017 1:18 PM, Stephen Smalley wrote:
> On Tue, 2017-05-09 at 23:50 +0300, Dan Jurgens wrote:
>> From: Daniel Jurgens
>>
>>
>> +#ifdef DARWIN
>> +memcpy(&newc->u.ibpkey.subnet_prefix[0],
>> &subnet_prefix.s6_addr[0],
>> + sizeof(newc->u.ibpkey.subnet_prefix));
>> +#else
>> +
On Wed, May 10, 2017 at 8:58 AM, Stephen Smalley wrote:
> I'm not proposing introducing policy capabilities for those commits
> retroactively; I don't think that would be productive now that they are
> already in upstream kernels and policies. I just wanted to determine
> whether or not we think
Commit 1089665e31a647a5f0ba2eabe8ac6232b384bed9 (Add attribute
expansion options) adds an expandattribute rule to the policy.conf
language which sets a type_datum flag. Currently the flag is used
only when writing out CIL policy from a policy.conf.
Make use of the flag when expanding policy to exp
On Tue, 2017-05-09 at 23:50 +0300, Dan Jurgens wrote:
> From: Daniel Jurgens
>
> Update libsepol and libsemanage to work with pkey records. Add local
> storage for new and modified pkey records in pkeys.local. Update
> semanage
> to parse the pkey command options to add, modify, and delete pkeys.
On Tue, 2017-05-09 at 23:50 +0300, Dan Jurgens wrote:
> From: Daniel Jurgens
>
> Add support for reading, writing, and copying IB end port ocontext
> data.
> Also add support for querying a IB end port sid to checkpolicy.
>
> Signed-off-by: Daniel Jurgens
> ---
> checkpolicy/checkpolicy.c
On Tue, 2017-05-09 at 23:50 +0300, Dan Jurgens wrote:
> From: Daniel Jurgens
>
> Add checkpolicy support for scanning and parsing ibendportcon labels.
> Also create a new ocontext for IB end ports.
>
> Signed-off-by: Daniel Jurgens
> ---
> checkpolicy/policy_define.c| 70
> ++
On Tue, 2017-05-09 at 23:50 +0300, Dan Jurgens wrote:
> From: Daniel Jurgens
>
> Add support for reading, writing, and copying Infinabinda Pkey
s/Infinabinda/Infiniband/
> ocontext
> data. Also add support for querying a Pkey sid to checkpolicy.
>
> Signed-off-by: Daniel Jurgens
> ---
> che
On Tue, 2017-05-09 at 23:50 +0300, Dan Jurgens wrote:
> From: Daniel Jurgens
>
> Add checkpolicy support for scanning and parsing ibpkeycon labels.
> Also
> create a new ocontext for Infiniband Pkeys and define a new policydb
> version for infiniband support.
>
> Signed-off-by: Daniel Jurgens
>
s6_addr32 is not portable; use s6_addr instead.
This obviates the need for #ifdef __APPLE__ conditionals in these cases.
Signed-off-by: Stephen Smalley
---
checkpolicy/policy_define.c | 6 --
libsepol/src/node_record.c | 8
2 files changed, 14 deletions(-)
diff --git a/checkpolicy
On Tue, 2017-05-09 at 17:44 -0400, Paul Moore wrote:
> On Tue, May 9, 2017 at 4:39 PM, Stephen Smalley
> wrote:
> > On Tue, 2017-05-09 at 13:49 -0400, Paul Moore wrote:
> > > > On 05/03/2017 12:14 PM, Stephen Smalley wrote:
> > > > >
> > > > > 1) Should we investigate lighter weight support for p
13 matches
Mail list logo