Re: [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA

On Mon, Apr 11, 2016 at 10:30:54PM +0000, Daniel Jurgens wrote:

> > SMI is not umad. SMI should only refer to the SMA access channel on a
> > specific node, and I have no idea why someone would want to restrict
> > local SMA access independently of generic umad qp0 access. Just call
> > it QP0 or QP1 or umad.
> > 
> > SMI is an obscure internal term that should not be user facing.
 
> The point of control here is MAD agent registration and MAD transmit and
> receive.  When a MAD agent is created it inherits the security ID of
> its parent task.  For MAD agents that have a QP of type IB_QPT_SMI,
> when an attempt is made to send a MAD the security ID of the MAD agent
> is checked for access to the SMI vector of the IB device (to become End
> Port).  This is only for MAD agents that have a qp of type
> IB_QPT_SMI.  So having umad as the access vector is too broad.

Like I said, the user facing name should be QP0 in that case.

Jason