2017-05-25 00:56:47

by Daniel Jurgens

Subject: [refpolicy] [PATCH v2 1/1] refpolicy: Infiniband pkeys and endports

On 5/24/2017 6:58 PM, Chris PeBenito wrote:
> On 05/24/2017 10:14 AM, Dan Jurgens wrote:
>> From: Daniel Jurgens <[email protected]>
>>
>> Every Infiniband network will have a default pkey, so that is labeled.
>> The rest of the pkey configuration is network specific. The policy allows
>> access to the default and unlabeled pkeys for sysadm and staff users.
>> kernel_t is allowed access to all pkeys, which it needs to process and
>> route management datagrams.
>>
>> Endports are all unlabeled by default; sysadm users are allowed to
>> manage the subnet on unlabeled endports. kernel_t is allowed to manage
>> the subnet on all ibendports, which is required for configuring the HCA.
>>
>> This patch requires selinux series: "SELinux user space support for
>> Infiniband RDMA", due to the new ipkeycon labeling mechanism.
>>
>> Signed-off-by: Daniel Jurgens <[email protected]>
>>
> Merged, though I moved some lines.
>
Thanks Chris!