[PATCH] nvme: restrict management ioctls to admin
Jens Axboe
axboe at kernel.dk
Fri Sep 9 07:57:35 PDT 2022
On 9/8/22 3:35 PM, Keith Busch wrote:
> From: Keith Busch <kbusch at kernel.org>
>
> The passthrough commands already have this restriction, but the other
> operations do not. Require the same capabilities for all users as all of
> these operations can be disruptive.
Would it be saner to require that you have write permissions on the
opened device? Not sure this CAP_SYS_ADMIN is really necessary,
and might break existing setups as this is new.
I do agree that passthrough and sync ioctl based issue should be
consistent, though.
--
Jens Axboe
More information about the Linux-nvme
mailing list