@@ -1,12 +1,12 @@
# Xen Statements
-Xen policy supports additional policy language statements: `iomemcon`,
-`ioportcon`, `pcidevicecon`, `pirqcon` and `devicetreecon` that are
+Xen policy supports additional policy language statements: *iomemcon*,
+*ioportcon*, *pcidevicecon*, *pirqcon* and *devicetreecon* that are
discussed in the sections that follow, also the
[**XSM/FLASK Configuration**](http://xenbits.xen.org/docs/4.2-testing/misc/xsm-flask.txt)
document contains further information.
-Policy version 30 introduced the `devicetreecon` statement and also
+Policy version 30 introduced the *devicetreecon* statement and also
expanded the existing I/O memory range to 64 bits in order to support
hardware with more than 44 bits of physical address space (32-bit count
of 4K pages).
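Review bot: the switch from backtick to italic markup for the statement keywords is fine if italics are the notebook's convention for keywords, but the surrounding sentence on the context lines is still a run-on ("...that are discussed in the sections that follow, also the ... document contains further information"); since the paragraph is being rewritten anyway, split it into two sentences ("... discussed in the sections that follow. The XSM/FLASK Configuration document contains further information."). The link still points at the `4.2-testing` tree of the Xen docs, which is worth checking against the current location of `xsm-flask.txt`.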
@@ -14,9 +14,7 @@ of 4K pages).
To compile these additional statements using ***semodule**(8)*, ensure
that the ***semanage.conf**(5)* file has the *policy-target=xen* entry.
-<br>
-
-## `iomemcon`
+## *iomemcon*
Label i/o memory. This may be a single memory location or a range.
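Review bot: while this heading is being rewritten, the description line directly below it, `Label i/o memory.`, could be capitalised as `I/O` to match the `I/O memory range` wording used in the intro paragraph of the same file.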
@@ -26,50 +24,32 @@ Label i/o memory. This may be a single memory location or a range.
**Where:**
-<table>
-<tbody>
-<tr>
-<td><code>iomemcon</code></td>
-<td>The <code>iomemcon</code> keyword.</td>
-</tr>
-<tr>
-<td><code>addr</code></td>
-<td>The memory address to apply the context. This may also be a range that consists of a start and end address separated by a hypen '-'.</td>
-</tr>
-<tr>
-<td><code>context</code></td>
-<td>The security context to be applied.</td>
-</tr>
-</tbody>
-</table>
+*iomemcon*
+
+The *iomemcon* keyword.
+
+*addr*
+The memory address to apply the context. This may also be a range that consists
+of a start and end address separated by a hypen \'-\'.
+
+*context*
+
+The security context to be applied.
**The statement is valid in:**
-<table style="text-align:center">
-<tbody>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Monolithic Policy</strong></td>
-<td><strong>Base Policy</strong></td>
-<td><strong>Module Policy</strong></td>
-</tr>
-<tr>
-<td>Yes</td>
-<td>Yes</td>
-<td>No</td>
-</tr>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Conditional Policy <code>if</code> Statement</strong></td>
-<td><strong><code>optional</code> Statement</strong></td>
-<td><strong><code>require</code> Statement</strong></td>
-</tr>
-<tr>
-<td>No</td>
-<td>No</td>
-<td>No</td>
-</tr>
-</tbody>
-</table>
+Policy Type
+
+| Monolithic Policy | Base Policy | Module Policy |
+| ----------------------- | ----------------------- | ----------------------- |
+| Yes | Yes | No |
+
+Conditional Policy Statements
+
+| *if* statement | *optional* Statement | *require* Statement |
+| ----------------------- | ----------------------- | ----------------------- |
+| No | No | No |
**Examples:**
@@ -78,9 +58,7 @@ iomemcon 0xfebd9 system_u:object_r:nicP_t
iomemcon 0xfebe0-0xfebff system_u:object_r:nicP_t
```
-<br>
-
-## `ioportcon`
+## *ioportcon*
Label i/o ports. This may be a single port or a range.
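Review bot: the typo `hypen` on the rewritten `addr` description (`of a start and end address separated by a hypen \'-\'.`) is carried over from the HTML table; correct it to `hyphen` while the line is being touched, and the backslash escapes around the quotes are unnecessary in Markdown (plain `'-'` renders the same). Also, the `*addr*` term is not followed by a blank line before its description, whereas `*iomemcon*` and `*context*` are; make the three entries consistent so the definition list renders uniformly. Finally, the plain-text labels `Policy Type` and `Conditional Policy Statements` replace the bold HTML header rows; if they are meant as captions for the two tables, `**Policy Type**` and `**Conditional Policy Statements**` would match the `**Where:**` / `**Examples:**` style already used in the section.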
@@ -90,49 +68,32 @@ Label i/o ports. This may be a single port or a range.
**Where:**
-<table>
-<tbody>
-<tr>
-<td><code>ioportcon</code></td>
-<td>The <code>ioportcon</code> keyword.</td>
-</tr>
-<tr>
-<td><code>port</code></td>
-<td>The <code>port</code> to apply the context. This may also be a range that consists of a start and end port number separated by a hypen '-'.</td>
-</tr>
-<tr>
-<td><code>context</code></td>
-<td>The security context to be applied.</td>
-</tr>
-</tbody>
-</table>
+*ioportcon*
+
+The *ioportcon* keyword.
+
+*port*
+
+The *port* to apply the context. This may also be a range that consists of a
+start and end port number separated by a hypen \'-\'.
+
+*context*
+
+The security context to be applied.
**The statement is valid in:**
-<table style="text-align:center">
-<tbody>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Monolithic Policy</strong></td>
-<td><strong>Base Policy</strong></td>
-<td><strong>Module Policy</strong></td>
-</tr>
-<tr>
-<td>Yes</td>
-<td>Yes</td>
-<td>No</td>
-</tr>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Conditional Policy <code>if</code> Statement</strong></td>
-<td><strong><code>optional</code> Statement</strong></td>
-<td><strong><code>require</code> Statement</strong></td>
-</tr>
-<tr>
-<td>No</td>
-<td>No</td>
-<td>No</td>
-</tr>
-</tbody>
-</table>
+Policy Type
+
+| Monolithic Policy | Base Policy | Module Policy |
+| ----------------------- | ----------------------- | ----------------------- |
+| Yes | Yes | No |
+
+Conditional Policy Statements
+
+| *if* statement | *optional* Statement | *require* Statement |
+| ----------------------- | ----------------------- | ----------------------- |
+| No | No | No |
**Examples:**
@@ -141,9 +102,7 @@ ioportcon 0xeac0 system_u:object_r:nicP_t
ioportcon 0xecc0-0xecdf system_u:object_r:nicP_t
```
-<br>
-
-## `pcidevicecon`
+## *pcidevicecon*
Label a PCI device.
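Review bot: the same carried-over typo appears here, `hypen` in `start and end port number separated by a hypen \'-\'.` should read `hyphen`, and the `\'` escapes can be plain quotes as in the other rewritten lines.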
@@ -153,57 +112,37 @@ Label a PCI device.
**Where:**
-<table>
-<tbody>
-<tr>
-<td><code>pcidevicecon</code></td>
-<td>The <code>pcidevicecon</code> keyword.</td>
-</tr>
-<tr>
-<td><code>pci_id</code></td>
-<td>The PCI indentifer.</td>
-</tr>
-<tr>
-<td><code>context</code></td>
-<td>The security context to be applied.</td>
-</tr>
-</tbody>
-</table>
+*pcidevicecon*
+
+The *pcidevicecon* keyword.
+
+*pci_id*
+
+The PCI indentifer.
+
+*context*
+
+The security context to be applied.
**The statement is valid in:**
-<table style="text-align:center">
-<tbody>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Monolithic Policy</strong></td>
-<td><strong>Base Policy</strong></td>
-<td><strong>Module Policy</strong></td>
-</tr>
-<tr>
-<td>Yes</td>
-<td>Yes</td>
-<td>No</td>
-</tr>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Conditional Policy <code>if</code> Statement</strong></td>
-<td><strong><code>optional</code> Statement</strong></td>
-<td><strong><code>require</code> Statement</strong></td>
-</tr>
-<tr>
-<td>No</td>
-<td>No</td>
-<td>No</td>
-</tr>
-</tbody>
-</table>
+Policy Type
+
+| Monolithic Policy | Base Policy | Module Policy |
+| ----------------------- | ----------------------- | ----------------------- |
+| Yes | Yes | No |
+
+Conditional Policy Statements
+
+| *if* statement | *optional* Statement | *require* Statement |
+| ----------------------- | ----------------------- | ----------------------- |
+| No | No | No |
**Example:**
`pcidevicecon 0xc800 system_u:object_r:nicP_t`
-<br>
-
-## `pirqcon`
+## *pirqcon*
Label an interrupt level.
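Review bot: `The PCI indentifer.` keeps a typo from the HTML version (`indentifer` should be `identifier`); fix it while the line is being rewritten rather than carrying it into the Markdown.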
@@ -213,57 +152,37 @@ Label an interrupt level.
**Where:**
-<table>
-<tbody>
-<tr>
-<td><code>pirqcon</code></td>
-<td>The <code>pirqcon</code> keyword.</td>
-</tr>
-<tr>
-<td><code>irq</code></td>
-<td>The interrupt request number.</td>
-</tr>
-<tr>
-<td><code>context</code></td>
-<td>The security context to be applied.</td>
-</tr>
-</tbody>
-</table>
+*pirqcon*
+
+The *pirqcon* keyword.
+
+*irq*
+
+The interrupt request number.
+
+*context*
+
+The security context to be applied.
**The statement is valid in:**
-<table style="text-align:center">
-<tbody>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Monolithic Policy</strong></td>
-<td><strong>Base Policy</strong></td>
-<td><strong>Module Policy</strong></td>
-</tr>
-<tr>
-<td>Yes</td>
-<td>Yes</td>
-<td>No</td>
-</tr>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Conditional Policy <code>if</code> Statement</strong></td>
-<td><strong><code>optional</code> Statement</strong></td>
-<td><strong><code>require</code> Statement</strong></td>
-</tr>
-<tr>
-<td>No</td>
-<td>No</td>
-<td>No</td>
-</tr>
-</tbody>
-</table>
+Policy Type
+
+| Monolithic Policy | Base Policy | Module Policy |
+| ----------------------- | ----------------------- | ----------------------- |
+| Yes | Yes | No |
+
+Conditional Policy Statements
+
+| *if* statement | *optional* Statement | *require* Statement |
+| ----------------------- | ----------------------- | ----------------------- |
+| No | No | No |
**Example:**
`pirqcon 33 system_u:object_r:nicP_t`
-<br>
-
-## `devicetreecon`
+## *devicetreecon*
Label device tree nodes.
@@ -273,57 +192,36 @@ Label device tree nodes.
**Where:**
-<table>
-<tbody>
-<tr>
-<td><code>devicetreecon</code></td>
-<td>The <code>devicetreecon</code> keyword.</td>
-</tr>
-<tr>
-<td><code>path</code></td>
-<td>The device tree path. If this contains spaces enclose within <em>""</em> as shown in the example.</td>
-</tr>
-<tr>
-<td><code>context</code></td>
-<td>The security context to be applied.</td>
-</tr>
-</tbody>
-</table>
+*devicetreecon*
+
+The *devicetreecon* keyword.
+
+*path*
+
+The device tree path. If this contains spaces enclose within *""* as shown in
+the example.
+
+*context*
+
+The security context to be applied.
**The statement is valid in:**
-<table style="text-align:center">
-<tbody>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Monolithic Policy</strong></td>
-<td><strong>Base Policy</strong></td>
-<td><strong>Module Policy</strong></td>
-</tr>
-<tr>
-<td>Yes</td>
-<td>Yes</td>
-<td>No</td>
-</tr>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Conditional Policy <code>if</code> Statement</strong></td>
-<td><strong><code>optional</code> Statement</strong></td>
-<td><strong><code>require</code> Statement</strong></td>
-</tr>
-<tr>
-<td>No</td>
-<td>No</td>
-<td>No</td>
-</tr>
-</tbody>
-</table>
+Policy Type
+| Monolithic Policy | Base Policy | Module Policy |
+| ----------------------- | ----------------------- | ----------------------- |
+| Yes | Yes | No |
-**Example:**
+Conditional Policy Statements
-`devicetreecon "/this is/a/path" system_u:object_r:arm_path`
+| *if* statement | *optional* Statement | *require* Statement |
+| ----------------------- | ----------------------- | ----------------------- |
+| No | No | No |
+**Example:**
-<br>
+`devicetreecon "/this is/a/path" system_u:object_r:arm_path`
<!-- %CUTHERE% -->
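Review bot: in this hunk `Policy Type` runs straight into the first table row (`Policy Type` followed immediately by `| Monolithic Policy | Base Policy | Module Policy |`), and likewise `Conditional Policy Statements` and `**Example:**` have no blank line before the table and example that follow them, whereas the four preceding sections separate these with blank lines. Some Markdown renderers will not start a pipe table or a paragraph without a preceding blank line, so add the blank lines here for consistency. The interleaved removal and re-addition of `**Example:**` and the `devicetreecon "/this is/a/path" ...` line yields the same ordering as the other sections, so that part is fine. One readability nit on the `path` description: `*""*` renders as italicised quote marks, which is hard to see; putting the quotes in backticks would make the required quoting clearer.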
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 src/xen_statements.md | 340 +++++++++++++++++--------------------------------
 1 file changed, 119 insertions(+), 221 deletions(-)