[openib-general] rdma/cma: use the ipoib broadcast group qkey - linux capabilities
Or Gerlitz
ogerlitz at voltaire.com
Tue Jan 23 00:09:08 PST 2007
Or Gerlitz wrote:
>> This check prevents applications from trying to use port numbers below 1024
>> unless they possess the net bind service capability. A similar check
>> could just be:
>>
>> if (ps == RDMA_PS_IPOIB && !capable(CAP_NET_BIND_SERVICE))
>>         return -EACCES;
>
> OK, let's see if I got it: your suggestion is that only if the process has
> the net bind service capability would it be able to create RDMA_PS_IPOIB
> IDs. How do processes get possession of this capability?
>
> Talking here, I understand that there are issues with Linux
> capabilities; specifically, capabilities are not passed through
> execve(); see "understanding Linux capabilities brokenness" @
> http://lkml.org/lkml/2005/8/8/248
>
> This means capabilities are practically not usable for "non root processes".

I have now got a pointer to this more recent LKML discussion where a
patch was suggested to solve the problem: "patch to make Linux
capabilities into something useful (v 0.3.1)" @
http://lkml.org/lkml/2006/9/5/246

This means that unless someone proves that capabilities are not broken,
we will allow (e.g. under some mod param) non-root apps to create
RDMA_PS_IPOIB IDs, OK?

Or.
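
The execve() behaviour this thread refers to, modelled in userspace as an added example (not code from the message, the kernel or the rdma_cm patch). It assumes the pre-ambient-capability transformation rule documented in capabilities(7) and a binary with no capabilities stored on it; the struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define CAP_NET_BIND_SERVICE 10   /* value from <linux/capability.h> */
#define CAP_BIT(c) ((uint64_t)1 << (c))

struct cap_sets { uint64_t inheritable, permitted, effective; };

/* Assumption: no capabilities stored on the binary, so the file sets are
 * empty for an ordinary user and full for root (simplified: uid == euid). */
static struct cap_sets file_sets_without_fcaps(int is_root)
{
    struct cap_sets f = { 0, 0, 0 };
    if (is_root)  /* the effective field is used as an on/off flag */
        f = (struct cap_sets){ ~(uint64_t)0, ~(uint64_t)0, 1 };
    return f;
}

/* execve() rule from capabilities(7), before ambient capabilities:
 *   P'(permitted)   = (P(inheritable) & F(inheritable)) | (F(permitted) & bset)
 *   P'(effective)   = F(effective) ? P'(permitted) : 0
 *   P'(inheritable) = P(inheritable) */
static struct cap_sets caps_after_execve(struct cap_sets p, struct cap_sets f,
                                         uint64_t bset)
{
    struct cap_sets n;
    n.inheritable = p.inheritable;
    n.permitted = (p.inheritable & f.inheritable) | (f.permitted & bset);
    n.effective = f.effective ? n.permitted : 0;
    return n;
}

/* Model of the capable(CAP_NET_BIND_SERVICE) test on the effective set. */
static int may_bind_low_port(struct cap_sets p)
{
    return (p.effective & CAP_BIT(CAP_NET_BIND_SERVICE)) != 0;
}

/* A process holding the capability in all three sets execs a binary. */
static int survives_execve(int is_root)
{
    uint64_t c = CAP_BIT(CAP_NET_BIND_SERVICE);
    struct cap_sets held = { c, c, c };
    struct cap_sets f = file_sets_without_fcaps(is_root);
    return may_bind_low_port(caps_after_execve(held, f, ~(uint64_t)0));
}

int main(void)
{
    printf("non-root: %d, root: %d\n", survives_execve(0), survives_execve(1));
    return 0;
}
```

Under these assumptions a non-root process that was handed CAP_NET_BIND_SERVICE no longer passes the check in the program it execs, while a root process does.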