On Tue, Oct 31, 2017 at 10:10:38AM -0400, Jeff Layton wrote: > On Fri, 2017-06-30 at 14:23 +0100, Stefan Hajnoczi wrote: > > @@ -595,6 +609,10 @@ int svc_port_is_privileged(struct sockaddr *sin) > > case AF_INET6: > > return ntohs(((struct sockaddr_in6 *)sin)->sin6_port) > > < PROT_SOCK; > > + case AF_VSOCK: > > + return ((struct sockaddr_vm *)sin)->svm_port <= > > + LAST_RESERVED_PORT; > > + > > default: > > return 0; > > } > > Does vsock even have the concept of a privileged port? I would imagine > that root in a guest VM would carry no particular significance from an > export security standpoint > > Since you're defining a new transport here, it might be nice write the > RFCs to avoid that distinction, if possible. > > Note that RDMA just has svc_port_is_privileged always return 1. AF_VSOCK has the same 0-1023 privileged port range as TCP. Stefan
Attachment:
signature.asc
Description: PGP signature
