From: Bruce Richardson <bruce.richardson@intel.com>
To: "Morten Brørup" <mb@smartsharesystems.com>
Cc: Anatoly Burakov <anatoly.burakov@intel.com>, <dev@dpdk.org>
Subject: Re: Secondary process access control mechanism
Date: Mon, 14 Jul 2025 10:03:34 +0100 [thread overview]
Message-ID: <aHTH5sJvjYO-7QRN@bricha3-mobl1.ger.corp.intel.com> (raw)
In-Reply-To: <98CBD80474FA8B44BF855DF32C47DC35E9FDAD@smartserver.smartshare.dk>
On Wed, Jul 09, 2025 at 08:02:30PM +0200, Morten Brørup wrote:
> Are there any access control mechanisms to govern what a secondary process can do to a primary process?
>
> Let's say I'm running a primary process, and want to allow only authorized secondary processes to attach to it. No unauthorized secondary processes should be able to attach to it.
>
> I assume there is no fine grained control over which features various secondary processes can access.
>
Nope, no fine grained control. The only control that we have is that
governed by the unix access permissions on the process and the runtime
directory. Any secondary process run by the user of the primary process
will have full access to the primary process. AFAIK: other users on the system
should not have any access, unless permissions are set appropriately by the
primary user. [However, I suspect this is not something we ever test!]
/Bruce
prev parent reply other threads:[~2025-07-14 9:04 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-09 18:02 Morten Brørup
2025-07-09 21:20 ` Stephen Hemminger
2025-07-14 9:03 ` Bruce Richardson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aHTH5sJvjYO-7QRN@bricha3-mobl1.ger.corp.intel.com \
--to=bruce.richardson@intel.com \
--cc=anatoly.burakov@intel.com \
--cc=dev@dpdk.org \
--cc=mb@smartsharesystems.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).