On 4/11/2016 7:06 PM, Jason Gunthorpe wrote: > On Mon, Apr 11, 2016 at 11:35:57PM +0000, Daniel Jurgens wrote: > >> OK, I'll change idbev to ibendport and smi to qp0, or qpzero if the >> SELinux user space code doesn't allow numbers in access vector identifiers. > > Do you know why you'd want to access control qp0 but leave qp1 open? > > Still seems kinda strange. > > Jason > The point is to restrict the ability to run an SM. MADs go through PKey enforcement as well. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
