On Wed, May 3, 2017 at 3:45 PM, Daniel Jurgens [off-list ref] wrote:

On 5/3/2017 9:41 AM, Paul Moore wrote:

quoted

On Wed, Nov 23, 2016 at 9:17 AM, Dan Jurgens [off-list ref] wrote:

quoted

From: Daniel Jurgens <redacted>

Infiniband applications access HW from user-space -- traffic is generated
directly by HW, bypassing the kernel. Consequently, Infiniband Partitions,
which are associated directly with HW transport endpoints, are a natural
choice for enforcing granular mandatory access control for Infiniband. QPs may
only send or receives packets tagged with the corresponding partition key
(PKey). The PKey is not a cryptographic key; it's a 16 bit number identifying
the partition ...

Hi Dan,

I haven't heard anything from you in a while, where do things stand
with this effort?  Unless I missed them, I believe we are still
waiting on the userspace, SELinux reference policy, and
selinux-testsuite patches.

Hi Paul,

    I got distracted for a while.  I've just rebased the kernel and userspace.  I'll do some testing and submit the userspace code in the next couple days.  I still have to write the selinux-testsuite tests, I'll work on those concurrently with the userspace review cycle.

Great, thanks for the update.  We'll look forward to the patches.

-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html