On Tue, Aug 30, 2016 at 07:10:12PM +0000, Daniel Jurgens wrote: > On 8/30/2016 1:56 PM, Jason Gunthorpe wrote: > > > > Are subsystems usually SELinux enabled in such a piecemeal way? > > > > Are you sure the 'partition' SELinux label should not be more general > > to cover more of the similar RDMA cases? > In order to label something you have to be able to describe > something unique about an instance of it, like a Subnet Prefix/PKey > value pair. What other thing could we label more generally to > control access to a partition/VLAN? IP prefix / vlan #? How does it work in net? Shouldn't you at least have a plan for how this will expand to cover the whole subsystem?? Jason _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
