> From: Daniel Jurgens > It would have to include the port, but idea of using a device name for this is > pretty ugly. <subnet_prefix,pkey> makes it very easy to write a policy that can > be deployed widely. <device,port,pkey/vlan> could require many different > policies depending on the configuration of each machine. > > I've added Liran Liss, he devised the approach that's implemented. This would > be a pretty big change, with worse usability so I'd like to get his feedback. This patch-set enables partition-based isolation for Infiniband networks in a very intuitive manner, that's it. IB partitions don't have anything to do with VLANs. --Liran _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
