On Wed, 20 Jul 2016, Jason Gunthorpe wrote: > > Well there is no need to do that with the standard way. The filehandle > > identifies the driver. No need to modify strace and no need to > > schlepp the device_id around. > > Nope, that isn't how strace works, strace never checks the filehandle. Ok why would strace check a filehandle in the first place? The descriptor is the filehandle and you can simply find the operation that created that file descriptor to find the device it refers to. > > We already have the security infrastructure to control access by > > filehandle both single device and multiple device. The multiplexer device > > will cause additional security concerns because the ioctl packet must be > > inspected to find the device. Please do not do this. > > I mean in IB, we don't have the ability to securely strip a single > port out of a device. This is why /dev/uverbs0 referes to both ports > on a card. Adding that ability would damage API capabilities we have. We could easily do that following naming conventions for partitions or so. Why would doing so damage the API capabilities? Seems that they are sufficiently screwed up already. Cleaning that up could help quite a bit. > We already have two command multiplexor fds in the current design and > they have exactly the security concerns you allude to. This is why we > have a SELinux patch set under consideration because labeling dev > nodes is not nearly enough. This is why the namespace patches are > incomplete, etc.. Ok then this is the opportunity to get rid of these things. > There is no proposal to eliminate the multiplexors, I don't even know > how that could work... I thought I just tried to outline how that could work. Consistently use the device semantics already provided in the kernel and use the functionality through ioctls, fnctls etc etc as already provided. -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
