On Tue, Aug 30, 2016 at 07:10:12PM +0000, Daniel Jurgens wrote: > On 8/30/2016 1:56 PM, Jason Gunthorpe wrote: > > > > Are subsystems usually SELinux enabled in such a piecemeal way? > > > > Are you sure the 'partition' SELinux label should not be more general > > to cover more of the similar RDMA cases? > In order to label something you have to be able to describe > something unique about an instance of it, like a Subnet Prefix/PKey > value pair. What other thing could we label more generally to > control access to a partition/VLAN? IP prefix / vlan #? How does it work in net? Shouldn't you at least have a plan for how this will expand to cover the whole subsystem?? Jason -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
