Infiniband Statements
=====================

To support access control for InfiniBand (IB) partitions and subnet management, security contexts are provided for Partition Keys (Pkeys), which are 16-bit numbers assigned to subnets and their IB end ports. An overview of the SELinux IB implementation can be found at: [http://marc.info/?l=selinux&m=149519833917911&w=2](http://marc.info/?l=selinux&m=149519833917911&w=2).

ibpkeycon
---------

Label IB partition keys. This may be a single key or a range.

**Statement definition:**

```secil
(ibpkeycon subnet pkey|(pkey_low pkey_high) context_id)
```

**Where:**

| Parameter | Description |
| --- | --- |
| `ibpkeycon` | The `ibpkeycon` keyword. |
| `subnet` | IP address in IPv6 format. |
| `pkey` \| `(pkey_low pkey_high)` | A single partition key or a range of partition keys. |
| `context_id` | A previously declared `context` identifier or an anonymous security context (`user role type levelrange`). The range MUST be defined whether the policy is MLS/MCS enabled or not. |

**Example:**

An anonymous context for a partition key range of `0x0-0x10` assigned to an IPv6 subnet:

```secil
(ibpkeycon fe80:: (0 0x10) (system_u system_r kernel_t (low (s3 (cats01 cats02)))))
```

ibendportcon
------------

Label IB end ports.

**Statement definition:**

```secil
(ibendportcon device_id port context_id)
```

**Where:**

| Parameter | Description |
| --- | --- |
| `ibendportcon` | The `ibendportcon` keyword. |
| `device_id` | A single device identifier. |
| `port` | A single port number. |
| `context_id` | A previously declared `context` identifier or an anonymous security context (`user role type levelrange`). The range MUST be defined whether the policy is MLS/MCS enabled or not. |

**Example:**

A named context for device `mlx5_0` on port `1`:

```secil
(ibendportcon mlx5_0 1 system_u_bin_t_l2h)
```
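
The following is an added example, not taken from the CIL reference itself, showing both statements with named contexts and the `allow` rules that make the labels enforce something. The `ib_*` types, the context names and the pkey range `0x8001-0x8010` are hypothetical; it assumes a base policy that already defines `system_u`, `object_r`, sensitivity `s0`, and the kernel object classes `infiniband_pkey` (permission `access`) and `infiniband_endport` (permission `manage_subnet`).

```secil
; Added example. All ib_* types and *_ctx names are hypothetical.
; Assumes the base policy defines system_u, object_r, s0 and the
; infiniband_pkey / infiniband_endport classes.

; Object types used to label the IB resources.
(type ib_storage_pkey_t)
(type ib_storage_endport_t)
(roletype object_r ib_storage_pkey_t)
(roletype object_r ib_storage_endport_t)

; Stand-ins for existing domains: an application that uses the
; partition and a subnet manager that sends management packets.
(type ib_storage_app_t)
(type ib_sm_t)

; Named contexts. The level range ((s0) (s0)) is given explicitly,
; as required even when the policy is not MLS/MCS enabled.
(context storage_pkey_ctx
    (system_u object_r ib_storage_pkey_t ((s0) (s0))))
(context storage_endport_ctx
    (system_u object_r ib_storage_endport_t ((s0) (s0))))

; Label a constructed pkey range on subnet prefix fe80::.
(ibpkeycon fe80:: (0x8001 0x8010) storage_pkey_ctx)

; Label port 1 of device mlx5_0.
(ibendportcon mlx5_0 1 storage_endport_ctx)

; Only the application domain may use the labeled partition keys.
(allow ib_storage_app_t ib_storage_pkey_t (infiniband_pkey (access)))

; Only the subnet manager domain may manage the subnet on that port.
(allow ib_sm_t ib_storage_endport_t (infiniband_endport (manage_subnet)))
```

Pkeys and end ports that match no `ibpkeycon` or `ibendportcon` statement keep the policy's default (unlabeled) context, so access to them is governed by whatever rules target that context rather than by the rules above.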