> From: Daniel Jurgens > It would have to include the port, but idea of using a device name for this is > pretty ugly. <subnet_prefix,pkey> makes it very easy to write a policy that > can > be deployed widely. <device,port,pkey/vlan> could require many different > policies depending on the configuration of each machine. > > I've added Liran Liss, he devised the approach that's implemented. This would > be a pretty big change, with worse usability so I'd like to get his feedback.
This patch-set enables partition-based isolation for Infiniband networks in a very intuitive manner, that's it. IB partitions don't have anything to do with VLANs. --Liran _______________________________________________ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
