[openib-general] Re: [PATCH] RDMA CM: assign port numbers when binding a cm_id to an address

Michael S. Tsirkin mst at mellanox.co.il
Thu Apr 20 10:22:04 PDT 2006


Quoting r. Sean Hefty <sean.hefty at intel.com>:
> Subject: RE: [PATCH] RDMA CM: assign port numbers when binding a cm_id to an address
> 
> >One small note: ipv4 on linux does this:
> >        err = -EACCES;
> >        if (snum && snum < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE))
> >                goto out;
> >
> >disabling bind to ports 1-1023 for non-priveledged users.
> >
> >Do you want to add such a check in CMA, or does it belong in SDP in your
> >opinion?
> 
> I would think this check belongs in the kernel ucma, which would require adding
> it to SDP as well.
> 
> Which module is the check listed above done in?  I want to understand where this
> check is made before adding it.

For ipv4 sockets it's done in net/ipv4/af_inet.c.
grep for CAP_NET_BIND_SERVICE and you'll see it for other protocols.

-- 
MST



More information about the general mailing list