On Thu, Sep 08, 2016 at 02:12:48PM +0000, Daniel Jurgens wrote: > It would have to include the port, but idea of using a device name > for this is pretty ugly. <subnet_prefix,pkey> makes it very easy to > write a policy that can be deployed widely. <device,port,pkey/vlan> > could require many different policies depending on the configuration > of each machine. What does net do? Should we have a way to unformly label the rdma ports? How do you imagine these policies working anyhow? They cannot be shipped from a distro. Are these going to be labeled on filesystem objects? (how doe that work??) Or somehow injected when starting a container? If they are not written to disk I don't see the problem, the dynamic injector will have to figure out what interface is what. Jason _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
