On Thu, Apr 07, 2016 at 02:33:45AM +0300, Dan Jurgens wrote: > Currently there is no way to provide granular access control to an Infiniband > fabric. By providing an ability to restrict user access to specific virtual > subfabrics administrators can limit access to bandwidth and isolate users on > the fabric. Do you actually have a concrete use case for this? This seems superficially similar to netlabel, which I guess targets a certain niche, but I'm really wondering with all the other container patches if this was supposed to be done with namespaces... > An Infiniband device (ibdev) is labeled by name and port number. There is a > single access vector for ibdevs as well, called "smi". This is called an End Port (SMI is something else in the IB spec). Please use the standard terminology. Jason _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
