On 4/13/2016 7:27 PM, Ira Weiny wrote: > On Wed, Apr 13, 2016 at 04:47:48PM +0000, Sean Hefty wrote: >>> Former (multicast modifications of fabric) also requires restricting >>> arbitrary UD QPs as well as QP1 as SA access is QPn (n > 0) <-> QP1. >> >> The SA could have an option to ignore all requests that do not originate QP1, >> then protect access to QP1 on the client nodes. > > I'm not really sure what we are protecting against here. Is it simply DoS > against the SA? > > Ira > >> -- >> >> To unsubscribe from this list: send the line "unsubscribe linux-rdma" in >> the body of a message to [email protected] >> More majordomo info at http://vger.kernel.org/majordomo-info.html >
A DoS attack against the SA is out of scope for this proposed change. SELinux provides access control. Preventing a user from maliciously doing something you've given them permission to do is a different problem. _______________________________________________ Selinux mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
