[PATCH v4 0/2] Granular CAP_SYS_ADMIN
Kanchan Joshi
joshi.k at samsung.com
Mon Oct 31 09:23:49 PDT 2022
Hi,
The series enables general access for passthrough IO if sysadmin wants
so.
Patch 1: for io commands. It implements the shift to file-mode based
policy.
Patch 2: allows identify-namespace command (based on ALPSS feedback).
Changes since v3:
================
- Patch 2: remove two comments (Chaitanya)
- collect reviewed-by
Changes since v2:
================
- Add patch 2 that allows identify-ns
- Patch 1: Move nvme_cmd_allowed check further down, so that we can use CNS
values for decision making in patch 2
- Patch 1: invert if condition (Sagi)
Changes since v1:
================
- Move nvme_cmd_allowed check at a place that allows using nvme_is_write
helper (hch)
- Keep everything into single patch (chaitanya, hch)
- Comments cleanup (hch, chaitanya)
- Part of cover-letter moved to commit-description
Kanchan Joshi (2):
nvme: fine-granular CAP_SYS_ADMIN for nvme io commands
nvme: identify-namespace without CAP_SYS_ADMIN
drivers/nvme/host/ioctl.c | 105 ++++++++++++++++++++++++++------------
include/linux/nvme.h | 1 +
2 files changed, 73 insertions(+), 33 deletions(-)
--
2.25.1
More information about the Linux-nvme
mailing list