[openib-general] [RFC/PATCH v2] rdma/cma: use the ipoib broadcast group qkey
Or Gerlitz
ogerlitz at voltaire.com
Mon Jan 22 23:51:59 PST 2007
Sean Hefty wrote:
> After more consideration, I think this is the correct approach. I've already
> started working on a patch for this that I should have done but by the end of
> the week (hopefully tomorrow).
> This checks prevents applications from trying to use port numbers below 1024
> without unless they possess the net bind service capability. A similar check
> could just be:
>
> if (ps == RDMA_PS_IPOIB && !capable(CAP_NET_BIND_SERVICE))
> return -EACCES;
OK, lets see i got it: your suggestion is that only if the process has
the net bind service capability it would be able to create RDMA_PS_IPOIB
IDs. How do processes get a possession of this capability().
Talking here, I understand that there are issues with Linux
capability()-ies , specifically capabilities are not passed through
execve() see "understanding Linux capabilities brokenness" @
http://lkml.org/lkml/2005/8/8/248
This means capabilities are practically not usable for "non root processes".
Or.
More information about the general
mailing list