On 4/13/2016 7:10 AM, Hal Rosenstock wrote:
> On 4/12/2016 1:58 PM, Jason Gunthorpe wrote:
>> On Tue, Apr 12, 2016 at 05:06:45PM +0000, Hefty, Sean wrote:
>>>> Wouldn't QP1 require different access control than QP0 due to SA clients
>>>> on every end node?
>>>
>>> QP1 still allows modification of the fabric (e.g. multicast join) or
>>> a DoS attack against the SA. Though the latter probably requires
>>> restricting how a UD QP may be used.
>>
>> Right, I don't disagree we should have smp and gmp 'just in case'
>> (fine names as well) labels, I just don't really understand why you'd
>> trust something enough to grant gmp but not enough for smp...
>>
>> Particularly encouraging people to grant gmp as though that was 'safe'
>> is really bad advice.
>
> I'm not sure what the motivation is either. The nature of the QP1 threat
> is somewhat different from the QP0 threat. Only thing I can think of is
> that it's hard to protect GMPs/QP1 since any UD QP can send to QP1.
>
> -- Hal
>
>> Which in turn makes me wonder why the umad dev node label is not
>> sufficient.
>>
>> Jason
>>

I've asked Liran to look over this thread; I'd like him to weigh in. He said he will have time tomorrow.