[Bug 256216] Re: Ubuntu is missing /dev/infiniband/rdma_cm group ownership udev rule

[Roland Dreier]

 > I missed a key part of this paragraph before. You say that the whole point is that
 > unprivileged userspace applications can use RDMA directly?

Yes, non-suid executables run by normal users should be able to use RDMA
directly in a safe fashion.

 > If that's the case, should these devices not simply have -rw-rw-rw permissions (like
 > /dev/net/tun, /dev/fuse, etc.) so that all userspace applications can use them?

Having 0666 permissions would not necessarily be a bad idea, but the
consensus among other distributions is to limit RDMA access to an "rdma"
group so that administrators have some control over who gets direct
hardware access (even though in theory it is safe for anyone, there is
the possibility of untrusted users consuming network bandwidth at
least).  Also, RDMA often requires increasing the amount of locked
memory allowed in /etc/security/limits.conf, and doing that by group
"rdma" is convenient as well.

Given that you seem to have moved fuse from 0660 to 0666 between
Intrepid and Jaunty, I guess it would be consistent to have the same
permission for rdma access.  Is there some reason that you keep the
"fuse" group around and make /dev/fuse owned by it, or is that just a
leftover from the old udev rules?

-- 
Ubuntu is missing /dev/infiniband/rdma_cm group ownership udev rule
https://bugs.launchpad.net/bugs/256216
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs