Sean Hefty wrote:
> After more consideration, I think this is the correct approach. I've already
> started working on a patch for this that I should have done by the end of
> the week (hopefully tomorrow).
> This check prevents applications from trying to use port numbers below 1024
> unless they possess the net bind service capability. A similar check
> could just be:
>
> if (ps == RDMA_PS_IPOIB && !capable(CAP_NET_BIND_SERVICE))
>         return -EACCES;

OK, let's see if I got it: your suggestion is that only if the process has the net bind service capability would it be able to create RDMA_PS_IPOIB IDs.

How do processes get possession of this capability()? Talking here, I understand that there are issues with Linux capability()-ies, specifically that capabilities are not passed through execve(); see "understanding Linux capabilities brokenness" @ http://lkml.org/lkml/2005/8/8/248

This means capabilities are practically not usable for "non root processes".

Or.
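A user-space way to see which capability sets of a process hold CAP_NET_BIND_SERVICE, the capability the `capable()` check quoted above tests. This is an added example, not code from the thread or from the kernel; the helper name `cap_in_set` and the two sample status texts are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_BIND_SERVICE 10 /* bit number, as in <linux/capability.h> */

/* Constructed samples in /proc/<pid>/status format (not captured output). */
const char SAMPLE_WITH_CAP[] = "Name:\tdemo\nCapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n";
const char SAMPLE_PLAIN[] = "Name:\tdemo\nCapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";

/* Return 1 if bit `cap` is set in the hex mask of `field` ("CapInh",
 * "CapPrm", "CapEff"), 0 if clear, -1 if the field is missing or malformed.
 * capable() in the kernel tests the effective set, i.e. "CapEff". */
int cap_in_set(const char *status, const char *field, int cap)
{
    size_t flen = strlen(field);
    const char *p = status;

    while (p && *p) {
        if (strncmp(p, field, flen) == 0 && p[flen] == ':') {
            const char *v = p + flen + 1;
            while (*v == ' ' || *v == '\t')
                v++;
            if (!isxdigit((unsigned char)*v))
                return -1;      /* empty value: do not read the next line */
            return (int)((strtoull(v, NULL, 16) >> cap) & 1ULL);
        }
        p = strchr(p, '\n');    /* advance to the start of the next line */
        if (p)
            p++;
    }
    return -1;
}

int main(void)
{
    static char buf[8192];
    const char *sets[] = { "CapInh", "CapPrm", "CapEff" };
    FILE *f = fopen("/proc/self/status", "r");

    if (!f) { perror("/proc/self/status"); return 1; }
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    for (int i = 0; i < 3; i++)
        printf("%s: %d\n", sets[i], cap_in_set(buf, sets[i], CAP_NET_BIND_SERVICE));
    return 0;
}
```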