On Thu, Sep 08, 2016 at 03:14:57PM -0400, ira.weiny wrote: > On Thu, Sep 08, 2016 at 10:19:48AM -0600, Jason Gunthorpe wrote: > > On Thu, Sep 08, 2016 at 02:12:48PM +0000, Daniel Jurgens wrote: > > > > > It would have to include the port, but idea of using a device name > > > for this is pretty ugly. <subnet_prefix,pkey> makes it very easy to > > > write a policy that can be deployed widely. <device,port,pkey/vlan> > > > could require many different policies depending on the configuration > > > of each machine. > > > > What does net do? Should we have a way to unformly label the rdma ports? > > Uniformly label them on the local node or across a cluster? However we want. If the argument comes down to 'we stupidly choose to call our devices mlx5_0', then lets allow the admin rename that to 'rdma0' and a cluster wide config file will apply uniformly. This approach applies to all configuration related to rdma, not just SELinux. > > If they are not written to disk I don't see the problem, the dynamic > > injector will have to figure out what interface is what. > > Who is the "dynamic injector"? Docker, for instance. Jason _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
