[openib-general] rdma/cma: use the ipoib broadcast group qkey - linux capabilities

Or Gerlitz ogerlitz at voltaire.com
Tue Jan 23 00:09:08 PST 2007


Or Gerlitz wrote:
>> This check prevents applications from trying to use port numbers below 1024
>> unless they possess the net bind service capability.  A similar check
>> could just be:
>>
>> if (ps == RDMA_PS_IPOIB && !capable(CAP_NET_BIND_SERVICE))
>> 	return -EACCES;
> 
> OK, let's see if I got it: your suggestion is that only if the process has 
> the net bind service capability it would be able to create RDMA_PS_IPOIB 
> IDs. How do processes get possession of this capability()?
> 
> Talking here, I understand that there are issues with Linux 
> capability()-ies, specifically capabilities are not passed through 
> execve(), see "understanding Linux capabilities brokenness" @ 
> http://lkml.org/lkml/2005/8/8/248
> 
> This means capabilities are practically not usable for "non root processes".

I have now got a pointer to this more recent LKML discussion where a 
patch was suggested to solve the problem "patch to make Linux 
capabilities into something useful (v 0.3.1)" @ 
http://lkml.org/lkml/2006/9/5/246

This means that unless someone proves that capabilities are not broken, 
we will allow (e.g. under some mod param) non-root apps to create 
RDMA_PS_IPOIB IDs, OK?

Or.
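
The execve() behaviour discussed above, as an added example that is not part of the original message or of the kernel source: a user-space model of the capability transformation documented in capabilities(7), showing why a non-root process loses CAP_NET_BIND_SERVICE across execve() when files carry no capabilities. The struct and function names are hypothetical, and the file sets (all-ones for a root exec, empty otherwise) are the assumed no-file-capabilities case.

```c
#include <stdint.h>
#include <stdio.h>
#define CAP_NET_BIND_SERVICE 10   /* value from <linux/capability.h> */
#define CAP_BIT(c) (1u << (c))

/* Hypothetical model type; not kernel code. */
struct caps { uint32_t inheritable, permitted, effective; };

/* Assumption: no per-file capabilities, so the kernel treats the file sets
 * as all-ones for a root (or setuid-root) exec and as empty otherwise. */
static struct caps file_caps(int exec_as_root)
{
    uint32_t all = exec_as_root ? ~0u : 0u;
    struct caps f = { all, all, all };
    return f;
}

/* execve() rule from capabilities(7):
 *   P'(inheritable) = P(inheritable)
 *   P'(permitted)   = (P(inheritable) & F(inheritable)) | (F(permitted) & bset)
 *   P'(effective)   = F(effective) ? P'(permitted) : 0 */
static struct caps caps_after_execve(struct caps p, struct caps f, uint32_t bset)
{
    struct caps n;
    n.inheritable = p.inheritable;
    n.permitted = (p.inheritable & f.inheritable) | (f.permitted & bset);
    n.effective = f.effective ? n.permitted : 0;
    return n;
}

/* Model of capable(cap): is cap in the effective set? */
static int model_capable(struct caps p, int cap)
{
    return (p.effective & CAP_BIT(cap)) != 0;
}

/* Constructed case: a process holding only CAP_NET_BIND_SERVICE in all three
 * sets calls execve(); returns whether the new image still passes the check. */
static int bind_cap_survives_execve(int exec_as_root)
{
    uint32_t c = CAP_BIT(CAP_NET_BIND_SERVICE);
    struct caps p = { c, c, c };
    struct caps n = caps_after_execve(p, file_caps(exec_as_root), ~0u);
    return model_capable(n, CAP_NET_BIND_SERVICE);
}

int main(void)
{
    printf("non-root exec keeps cap: %d\n", bind_cap_survives_execve(0));
    printf("root exec keeps cap: %d\n", bind_cap_survives_execve(1));
    return 0;
}
```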





