On Fri, 2009-01-23 at 05:46 +0000, Roland Dreier wrote:

> > I missed a key part of this paragraph before. You say that the whole point
> > is that unprivileged userspace applications can use RDMA directly?
>
> Yes, non-suid executables run by normal users should be able to use RDMA
> directly in a safe fashion.
>
> > If that's the case, should these devices not simply have -rw-rw-rw
> > permissions (like /dev/net/tun, /dev/fuse, etc.) so that all userspace
> > applications can use them?
>
> Having 0666 permissions would not necessarily be a bad idea, but the
> consensus among other distributions is to limit RDMA access to an "rdma"
> group so that administrators have some control over who gets direct
> hardware access

Any rule we add will be in upstream udev; so all the distributions would end up with it anyway. Upstream udev strongly discourages groups for device access that users are placed in.

> (even though in theory it is safe for anyone, there is
> the possibility of untrusted users consuming network bandwidth at
> least).

It's pretty easy to consume network bandwidth from userspace, you open lots of sockets to somewhere and start reading or writing ;-)

Likewise it's pretty trivial to consume memory.

> Also, RDMA often requires increasing the amount of locked
> memory allowed in /etc/security/limits.conf, and doing that by group
> "rdma" is convenient as well.

So it sounds like there's other limits in place anyway to what people can do with RDMA? Sounds safe

> Given that you seem to have moved fuse from 0660 to 0666 between
> Intrepid and Jaunty, I guess it would be consistent to have the same
> permission for rdma access. Is there some reason that you keep the
> "fuse" group around and make /dev/fuse owned by it, or is that just a
> leftover from the old udev rules?

The group is leftover from before.

Scott
--
Scott James Remnant
sc...@canonical.com

--
Ubuntu is missing /dev/infiniband/rdma_cm group ownership udev rule
https://bugs.launchpad.net/bugs/256216