Also fixes the occasional missing brackets as highlighted by my editor; however, the individual examples were not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
Infiniband Statements
To support access control for InfiniBand (IB) partitions and subnet management, security contexts are provided for: Partition Keys (Pkey) that are 16-bit numbers assigned to subnets and their IB end ports. An overview of the SELinux IB implementation can be found at: http://marc.info/?l=selinux&m=149519833917911&w=2.
ibpkeycon
Label IB partition keys. This may be a single key or a range.
Statement definition:
(ibpkeycon subnet pkey|(pkey_low pkey_high) context_id)
Where:
| ibpkeycon | The |
| subnet | IP address in IPv6 format. |
| pkey | A single partition key or a range of partition keys. |
| context_id | A previously declared |
Example:
An anonymous context for a partition key range of 0x0-0x10 assigned to an IPv6 subnet:
(ibpkeycon fe80:: (0 0x10) (system_u system_r kernel_t (low (s3 (cats01 cats02)))))
ibendportcon
Label IB end ports.
Statement definition:
(ibendportcon device_id port context_id)
Where:
| ibendportcon | The |
| device_id | A single device identifier. |
| port | A single port number. |
| context_id | A previously declared |
Example:
A named context for device mlx5_0 on port 1:
(ibendportcon mlx5_0 1 system_u_bin_t_l2h)
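As an added example (not part of the SELinux project's documentation or code), the following Python linter parses the two statements defined above and checks their fields against what this page states: an IPv6-format subnet, 16-bit partition keys given as a single key or a range, and a single device and port. The function names, the rule that pkey_low must not exceed pkey_high, and the third sample statement are assumptions made for illustration.

```python
import ipaddress
import re

def parse(text):
    """Parse CIL S-expressions into nested lists; atoms stay strings."""
    stack = [[]]
    for tok in re.findall(r"[()]|[^\s()]+", text):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            stack[-2].append(stack.pop())  # close list, attach to its parent
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def check(stmt):
    """Return the normalised fields of one IB statement or raise an error."""
    kind, a, b, context = stmt  # wrong field count raises ValueError
    if kind == "ibpkeycon":
        ipaddress.IPv6Address(a)  # subnet must be in IPv6 format
        keys = b if isinstance(b, list) else [b, b]  # single key or (low high)
        low, high = (int(k, 0) for k in keys)  # base 0 reads 0x10 and 16
        if not 0 <= low <= high <= 0xFFFF:  # 16-bit; assumes low comes first
            raise ValueError("pkey outside 0..0xFFFF or range reversed")
        return (kind, a, low, high, context)
    if kind == "ibendportcon" and isinstance(a, str) and isinstance(b, str):
        return (kind, a, int(b, 0), context)
    raise ValueError("not a well-formed InfiniBand statement")

def lint(policy):
    """Check every statement; failures become 'error: ...' strings."""
    out = []
    for stmt in parse(policy):
        try:
            out.append(check(stmt))
        except (TypeError, ValueError) as err:
            out.append(f"error: {err}")
    return out

# Constructed sample: the page's two examples, then a key wider than 16 bits.
SAMPLE = """
(ibpkeycon fe80:: (0 0x10) (system_u system_r kernel_t (low (s3 (cats01 cats02)))))
(ibendportcon mlx5_0 1 system_u_bin_t_l2h)
(ibpkeycon fe80:: 0x10000 system_u_bin_t_l2h)
"""
```

Calling `lint(SAMPLE)` returns the parsed fields for the first two statements and an error string for the third.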