On 4/12/2016 1:06 PM, Hefty, Sean wrote: >> Wouldn't QP1 require different access control than QP0 due to SA clients >> on every end node ? > > QP1 still allows modification of the fabric (e.g. multicast join) or an DoS > attack against the SA. does > Though the latter probably requires restricting how a UD QP may be used.
Former (multicast modifications of fabric) also requires restricting arbitrary UD QPs as well as QP1 as SA access is QPn (n > 0) <-> QP1. _______________________________________________ Selinux mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
