[lustre-devel] o2iblnd/socklnd security

Degremont, Aurelien degremoa at amazon.com
Wed Jan 6 01:33:42 PST 2021

Based on my experience, people usually enforced privileged ports (this is default anyway, no?)
I only see complex setups where this could be a problem for admin, but what problem this option is causing to you?

You should probably send that to lustre-discuss if you want to have a simple survey of what people are using.

De : lustre-devel <lustre-devel-bounces at lists.lustre.org> au nom de Amir Shehata <amir.shehata.whamcloud at gmail.com>
Date : mercredi 6 janvier 2021 à 00:18
À : Lustre Development List <lustre-devel at lists.lustre.org>
Objet : [EXTERNAL] [lustre-devel] o2iblnd/socklnd security

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.


Currently o2iblnd has two parameters

use_privileged_port and require_privileged_port to control the port range to use. They control whether to use/accept a privileged port (1 -1023) or any port.

Similarly socklnd has a similar parameter: accept_type. If set to "all" then any port range is accepted otherwise, only a privileged port is accepted.

I'm trying to get a better idea of how these are being used on sites. And if so do sites value this level of control? IE do these parameters provide a level of security which is deemed valuable?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lustre.org/pipermail/lustre-devel-lustre.org/attachments/20210106/a14738d3/attachment.html>

More information about the lustre-devel mailing list