Date: Sun, 15 Jan 2023 15:46:06 +0300
From: Dmitry Kozlyuk
To: Stephen Hemminger
Cc: dev@dpdk.org, stable@dpdk.org, Boris Ouretskey, Isaac Boukris, Bruce Richardson
Subject: Re: [PATCH] doc: add capability to access physical addresses

2023-01-14 18:27 (UTC-0800), Stephen Hemminger:
> DAC_OVERRIDE is like having the master key. It opens all doors
> and if so, running as non-root really doesn't matter that much.
>
> Ideally, a finer grain permission could be used.
> Recommending this to users seems wrong.

According to my tests, DAC_READ_SEARCH can be used instead of DAC_OVERRIDE.
It seems slightly better, because it doesn't bypass write permission checks.
Although I agree with Isaac that SYS_ADMIN is already very powerful,
and remember that the final goal is to perform unrestricted DMA.

Boris, Isaac, is DAC_READ_SEARCH sufficient on your systems?
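
An added example, not part of the original message or of DPDK: a Python check that reads the capability sets from `/proc/<pid>/status` and reports whether a process can bypass write permission checks through CAP_DAC_OVERRIDE, including the case where the capability is only permitted and not yet effective. The sample status texts and the function names are constructed for illustration; the bit numbers are those of `linux/capability.h`.

```python
import re

# Bit numbers from linux/capability.h.
CAP_BITS = {
    "CAP_DAC_OVERRIDE": 1,     # bypasses read, write and execute checks
    "CAP_DAC_READ_SEARCH": 2,  # bypasses read and directory search checks only
    "CAP_SYS_ADMIN": 21,
}
CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)$", re.M)

def parse_cap_sets(status_text):
    """Map each Cap* line of /proc/<pid>/status to its integer bitmask."""
    return {m.group(1): int(m.group(2), 16) for m in CAP_LINE.finditer(status_text)}

def held(mask):
    """Names of the audited capabilities whose bit is set in mask."""
    return {name for name, bit in CAP_BITS.items() if mask >> bit & 1}

def audit(status_text):
    sets = parse_cap_sets(status_text)
    if "CapEff" not in sets:
        raise ValueError("no CapEff line found")
    effective = held(sets["CapEff"])
    # Permitted-only capabilities can still be raised later with capset(2).
    permitted_only = held(sets.get("CapPrm", 0)) - effective
    reachable = effective | permitted_only
    return {
        "effective": effective,
        "permitted_only": permitted_only,
        # True when write permission checks can be bypassed now or after capset(2).
        "write_bypass": "CAP_DAC_OVERRIDE" in reachable,
    }

# Constructed samples, not captured from a real system.
SAMPLE_OVERRIDE = "Name:\tapp\nCapPrm:\t0000000000200002\nCapEff:\t0000000000200002\n"
SAMPLE_READ_SEARCH = "Name:\tapp\nCapPrm:\t0000000000200004\nCapEff:\t0000000000200004\n"
SAMPLE_DROPPED = "Name:\tapp\nCapPrm:\t0000000000200002\nCapEff:\t0000000000200000\n"

if __name__ == "__main__":
    with open("/proc/self/status") as f:
        print(audit(f.read()))
```
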