On 4/13/2016 7:27 PM, Ira Weiny wrote:
> On Wed, Apr 13, 2016 at 04:47:48PM +0000, Sean Hefty wrote:
>>> Former (multicast modifications of fabric) also requires restricting
>>> arbitrary UD QPs as well as QP1 as SA access is QPn (n > 0) <-> QP1.
>>
>> The SA could have an option to ignore all requests that do not originate QP1,
>> then protect access to QP1 on the client nodes.
>
> I'm not really sure what we are protecting against here. Is it simply DoS
> against the SA?
>
> Ira

A DoS attack against the SA is out of scope for this proposed change.
SELinux provides access control. Preventing a user from maliciously doing
something you've given them permission to do is a different problem.