@@ -1,5 +1,8 @@
# InfiniBand Labeling Statements
+- [*ibpkeycon*](#ibpkeycon)
+- [*ibendportcon*](#ibendportcon)
+
To support access control for InfiniBand (IB) partitions and subnet
management, security contexts are provided for: Partition Keys (Pkey)
that are 16 bit numbers assigned to subnets and their IB end ports. An
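Review bot: The two TOC links on the added lines target `#ibpkeycon` and `#ibendportcon`, but no hunk in this patch shows the headings those anchors resolve to. Please confirm that the section headings slug to exactly those ids in the rendered output, otherwise the links added here go nowhere.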
@@ -13,7 +16,7 @@ Note that there are no terminating semi-colons ';' on these statements.
The *ibpkeycon* statement is used to label IB partition keys.
It is also possible to add a security context to partition keys outside
-the policy using the ***semanage ibpkey*** command that will associate the
+the policy using the *semanage ibpkey* command that will associate the
*pkey* (or range of pkeys) to a security context.
**The statement definition is:**
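Review bot: In the changed line, `*semanage ibpkey*` now carries the same single-asterisk emphasis as the statement name `*ibpkeycon*` and the parameter `*pkey*` in the surrounding lines, so a shell command and a policy keyword can no longer be told apart. Suggest a code span for the command, since it is something the reader types.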
@@ -24,53 +27,35 @@ ibpkeycon subnet pkey pkey_context
**Where:**
-<table>
-<tbody>
-<tr>
-<td><code>ibpkeycon</code></td>
-<td>The <code>ibpkeycon</code> keyword.</td>
-</tr>
-<tr>
-<td><code>subnet</code></td>
-<td>IP address in IPv6 format.</td>
-</tr>
-<tr>
-<td><code>pkey</code></td>
-<td>Partition key number or range. The range is separated by a hyphen '-'.</td>
-</tr>
-<tr>
-<td><code>pkey_context</code></td>
-<td>The security context for the pkey(s).</td>
-</tr>
-</tbody>
-</table>
+*ibpkeycon*
+
+The *ibpkeycon* keyword.
+
+*subnet*
+
+IP address in IPv6 format.
+
+*pkey*
+
+Partition key number or range. The range is separated by a hyphen \'\-\'.
+
+*pkey_context*
+
+The security context for the pkey(s).
**The statement is valid in:**
-<table style="text-align:center">
-<tbody>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Monolithic Policy</strong></td>
-<td><strong>Base Policy</strong></td>
-<td><strong>Module Policy</strong></td>
-</tr>
-<tr>
-<td>Yes</td>
-<td>Yes</td>
-<td>Yes</td>
-</tr>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Conditional Policy <code>if</code> Statement</strong></td>
-<td><strong><code>optional</code> Statement</strong></td>
-<td><strong><code>require</code> Statement</strong></td>
-</tr>
-<tr>
-<td>No</td>
-<td>No</td>
-<td>No</td>
-</tr>
-</tbody>
-</table>
+Policy Type
+
+| Monolithic Policy | Base Policy | Module Policy |
+| ----------------------- | ----------------------- | ----------------------- |
+| Yes | Yes | Yes |
+
+Conditional Policy Statements
+
+| *if* Statement | *optional* Statement | *require* Statement |
+| ----------------------- | ----------------------- | ----------------------- |
+| No | No | No |
**Examples:**
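Review bot: The added *pkey* description ends with `\'\-\'`, escaping characters that need no escape in Markdown, while the context shown in the previous hunk header writes ';' unescaped; plain '-' or a code span would be consistent. Also, the parameter list now puts each term and its description in separate paragraphs with nothing tying them together, whereas the "valid in" block in this same hunk uses pipe tables; a two-column pipe table would keep the term/description pairing.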
@@ -86,8 +71,8 @@ semanage ibpkey -a -t default_ibpkey_t -x fe80:: 0xFFFF
```
The above command will produce the following file:
-*/var/lib/selinux/<SELINUXTYPE>/active/ibpkeys.local*
-in the default *<SELINUXTYPE>* policy store and then activate the policy:
+*/var/lib/selinux/\<SELINUXTYPE\>/active/ibpkeys.local*
+in the default *\<SELINUXTYPE\>* policy store and then activate the policy:
```
# This file is auto-generated by libsemanage
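Review bot: The path and placeholder on the added lines depend on backslash-escaped angle brackets inside emphasis (`*/var/lib/selinux/\<SELINUXTYPE\>/active/ibpkeys.local*`), which renders as intended only if the Markdown processor honours those escapes. A code span would show `<SELINUXTYPE>` literally with no escaping and would mark the path as something to copy.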
@@ -101,7 +86,7 @@ ibpkeycon fe80:: 0xFFFF system_u:object_r:default_ibpkey_t:s0
The *ibendportcon* statement is used to label IB end ports.
It is also possible to add a security context to ports outside the
-policy using the 'semanage ibendport' command that will associate the
+policy using the *semanage ibendport* command that will associate the
end port to a security context.
**The statement definition is:**
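Review bot: The sentence touched here says a context can be added "to ports", while the line above it and the end of the same sentence say "end ports"; bare "ports" reads as network ports. Suggest "to end ports outside the policy" while this sentence is being edited.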
@@ -112,53 +97,35 @@ ibendportcon device_id port_number port_context
**Where:**
-<table>
-<tbody>
-<tr>
-<td><code>ibendportcon</code></td>
-<td>The <code>ibendportcon</code> keyword.</td>
-</tr>
-<tr>
-<td><code>device_id</code></td>
-<td>Device name</td>
-</tr>
-<tr>
-<td><code>port_number</code></td>
-<td>Single port number.</td>
-</tr>
-<tr>
-<td><code>port_context</code></td>
-<td>The security context for the port.</td>
-</tr>
-</tbody>
-</table>
+*ibendportcon*
+
+The *ibendportcon* keyword.
+
+*device_id*
+
+Device name
+
+*port_number*
+
+Single port number.
+
+*port_context*
+
+The security context for the port.
**The statement is valid in:**
-<table style="text-align:center">
-<tbody>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Monolithic Policy</strong></td>
-<td><strong>Base Policy</strong></td>
-<td><strong>Module Policy</strong></td>
-</tr>
-<tr>
-<td>Yes</td>
-<td>Yes</td>
-<td>Yes</td>
-</tr>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Conditional Policy <code>if</code> Statement</strong></td>
-<td><strong><code>optional</code> Statement</strong></td>
-<td><strong><code>require</code> Statement</strong></td>
-</tr>
-<tr>
-<td>No</td>
-<td>No</td>
-<td>No</td>
-</tr>
-</tbody>
-</table>
+Policy Type
+
+| Monolithic Policy | Base Policy | Module Policy |
+| ----------------------- | ----------------------- | ----------------------- |
+| Yes | Yes | Yes |
+
+Conditional Policy Statements
+
+| *if* Statement | *optional* Statement | *require* Statement |
+| ----------------------- | ----------------------- | ----------------------- |
+| No | No | No |
**Examples:**
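Review bot: The new label "Conditional Policy Statements" sits over all three columns of the second table, but the removed header applied "Conditional Policy" only to the `if` column; `optional` and `require` were listed as plain statements. Suggest keeping that distinction, for example by heading the first column "Conditional Policy *if* Statement" and dropping the group label. The same applies to the identical table in the *ibpkeycon* section, and "Device name" in the added *device_id* entry is missing its full stop.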
@@ -174,8 +141,8 @@ semanage ibendport -a -t opensm_ibendport_t -z mlx4_0 2
```
This command will produce the following file
-*/var/lib/selinux/<SELINUXTYPE>/active/ibendports.local* in the default
-*<SELINUXTYPE>* policy store and then activate the policy:
+*/var/lib/selinux/\<SELINUXTYPE\>/active/ibendports.local* in the default
+*\<SELINUXTYPE\>* policy store and then activate the policy:
```
# This file is auto-generated by libsemanage
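Review bot: The sentence around the changed path lines reads "This command will produce the following file" with no colon, while the matching *ibpkeys.local* sentence reads "The above command will produce the following file:". Since both path lines are rewritten in this patch, align the two lead-ins so the sections read the same.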
Add a TOC to aid navigation and convert to markdown.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
 src/infiniband_statements.md | 155 ++++++++++++++---------------------
 1 file changed, 61 insertions(+), 94 deletions(-)