From mboxrd@z Thu Jan 1 00:00:00 1970 From: Hal Rosenstock Subject: Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA Date: Tue, 12 Apr 2016 01:21:59 -0400 Message-ID: <570C85F7.5010101@dev.mellanox.co.il> References: <1459985638-37233-1-git-send-email-danielj@mellanox.com> <20160411201155.GC371@obsidianresearch.com> <20160411221210.GA5861@obsidianresearch.com> <20160411231250.GB5861@obsidianresearch.com> <20160412000621.GD5861@obsidianresearch.com> Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20160412000621.GD5861-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org> Sender: linux-rdma-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Jason Gunthorpe , Daniel Jurgens Cc: "selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org" , "linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , "linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , Yevgeny Petrilin List-Id: linux-rdma@vger.kernel.org On 4/11/2016 8:06 PM, Jason Gunthorpe wrote: > On Mon, Apr 11, 2016 at 11:35:57PM +0000, Daniel Jurgens wrote: > >> OK, I'll change idbev to ibendport and smi to qp0, or qpzero if the >> SELinux user space code doesn't allow numbers in access vector identifiers. > > Do you know why you'd want to access control qp0 but leave qp1 open? Wouldn't QP1 require different access control than QP0 due to SA clients on every end node ? -- Hal > Still seems kinda strange. > > Jason > -- > To unsubscribe from this list: send the line "unsubscribe linux-rdma" in > the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u3C5M5u3015985 for ; Tue, 12 Apr 2016 01:22:05 -0400 Received: by mail-wm0-f66.google.com with SMTP id y144so2376973wmd.0 for ; Mon, 11 Apr 2016 22:22:03 -0700 (PDT) Subject: Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA To: Jason Gunthorpe , Daniel Jurgens References: <1459985638-37233-1-git-send-email-danielj@mellanox.com> <20160411201155.GC371@obsidianresearch.com> <20160411221210.GA5861@obsidianresearch.com> <20160411231250.GB5861@obsidianresearch.com> <20160412000621.GD5861@obsidianresearch.com> Cc: "selinux@tycho.nsa.gov" , "linux-security-module@vger.kernel.org" , "linux-rdma@vger.kernel.org" , Yevgeny Petrilin From: Hal Rosenstock Message-ID: <570C85F7.5010101@dev.mellanox.co.il> Date: Tue, 12 Apr 2016 01:21:59 -0400 MIME-Version: 1.0 In-Reply-To: <20160412000621.GD5861@obsidianresearch.com> Content-Type: text/plain; charset=windows-1252 List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: On 4/11/2016 8:06 PM, Jason Gunthorpe wrote: > On Mon, Apr 11, 2016 at 11:35:57PM +0000, Daniel Jurgens wrote: > >> OK, I'll change idbev to ibendport and smi to qp0, or qpzero if the >> SELinux user space code doesn't allow numbers in access vector identifiers. > > Do you know why you'd want to access control qp0 but leave qp1 open? Wouldn't QP1 require different access control than QP0 due to SA clients on every end node ? -- Hal > Still seems kinda strange. > > Jason > -- > To unsubscribe from this list: send the line "unsubscribe linux-rdma" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html >