On 4/12/2016 1:06 PM, Hefty, Sean wrote: >> Wouldn't QP1 require different access control than QP0 due to SA clients >> on every end node ? > > QP1 still allows modification of the fabric (e.g. multicast join) or an DoS attack against the SA. does > Though the latter probably requires restricting how a UD QP may be used. Former (multicast modifications of fabric) also requires restricting arbitrary UD QPs as well as QP1 as SA access is QPn (n > 0) <-> QP1. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
