On Wed, 2008-11-19 at 16:22 +0000, Roland Dreier wrote:
> D-Bus/PolicyKit seems very much overengineered and too complex for this
> issue, and it doesn't fit the model of RDMA very well anyway, since the
> whole point of RDMA is that unprivileged userspace applications use RDMA
> hardware directly without the overhead of a system call into the kernel,
> let alone a D-Bus method call to another process.
>
I don't agree.
Adding a PolicyKit authorization to use RDMA devices is not practically
any harder than adding a group; in fact, maintenance-wise it's
substantially easier.
HAL may then be used to apply an ACL to the devices automatically if you
want raw library aaccess.
Scott
--
Scott James Remnant
<email address hidden>
On Wed, 2008-11-19 at 16:22 +0000, Roland Dreier wrote:
> D-Bus/PolicyKit seems very much overengineered and too complex for this
> issue, and it doesn't fit the model of RDMA very well anyway, since the
> whole point of RDMA is that unprivileged userspace applications use RDMA
> hardware directly without the overhead of a system call into the kernel,
> let alone a D-Bus method call to another process.
>
I don't agree.
Adding a PolicyKit authorization to use RDMA devices is not practically
any harder than adding a group; in fact, maintenance-wise it's
substantially easier.
HAL may then be used to apply an ACL to the devices automatically if you
want raw library aaccess.
Scott
--
Scott James Remnant
<email address hidden>