On 4/12/2016 1:58 PM, Jason Gunthorpe wrote: > On Tue, Apr 12, 2016 at 05:06:45PM +0000, Hefty, Sean wrote: >>> Wouldn't QP1 require different access control than QP0 due to SA clients >>> on every end node ? >> >> QP1 still allows modification of the fabric (e.g. multicast join) or >> an DoS attack against the SA. Though the latter probably requires >> restricting how a UD QP may be used. > > Right, I don't disagree we should have smp and gmp 'just in case' > (fine names as well) labels, I just don't really understand why you'd > trust something enough to grant gmp but not enough for smp... > > Particularly encouraging people to grant gmp as though that was 'safe' > is really bad advice. I'm not sure what the motivation is either. The nature of the QP1 threat is somewhat different from the QP0 threat. Only thing I can think of is that it's hard to protect GMPs/QP1 since any UD QP can send to QP1. -- Hal > Which in turn makes me wonder why the umad dev node label is not > sufficient. > > Jason > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
