Displaying 2 results from an estimated 2 matches for "cat_net_admin".
Did you mean:
cap_net_admin
2023 Aug 30
1
[PATCH v3 0/3] vduse: add support for networking devices
...gt;> Does that make sense?
>>
>> Maxime
>
> OK. How are we going to enforce it?
Actually, it seems already enforced for all VDPA devices types.
Indeed, the VDPA_CMD_DEV_NEW Netlink command used to add the device to
the VDPA bus has the GENL_ADMIN_PERM flag set, and so require
CAT_NET_ADMIN.
> Also, we need a way for selinux to enable/disable some of these things
> but not others.
Ok, I can do it in a patch on top.
Do you have a pointer where it is done for Virtio Block devices?
Maxime
2023 Aug 29
1
[PATCH v3 0/3] vduse: add support for networking devices
On Tue, Aug 29, 2023 at 03:34:06PM +0200, Maxime Coquelin wrote:
>
>
> On 8/11/23 00:00, Jakub Kicinski wrote:
> > On Thu, 10 Aug 2023 17:42:11 -0400 Michael S. Tsirkin wrote:
> > > > Directly into the stack? I thought VDUSE is vDPA in user space,
> > > > meaning to get to the kernel the packet has to first go thru
> > > > a virtio-net instance.