[PATCH for-next 0/2] Fine-granular CAP_SYS_ADMIN
Kanchan Joshi
joshi.k at samsung.com
Mon Sep 26 07:54:28 PDT 2022

The current nvme passthrough interface is more useful than it used to be.
Now that user-space has more reasons to pick this path, the existing
CAP_SYS_ADMIN based checks are worth a revisit.

Currently both io and admin commands are kept under a
coarse-granular CAP_SYS_ADMIN check, without any regard to file open
mode.

$ ls -l /dev/ng*
crw-rw-rw- 1 root root 242, 0 Sep 9 19:20 /dev/ng0n1
crw------- 1 root root 242, 1 Sep 9 19:20 /dev/ng0n2

In the example above, ng0n1 appears as if it may allow unprivileged
read/write operation, but it does not and behaves the same as ng0n2.

The series attempts a shift from CAP_SYS_ADMIN to more fine-granular
control for io-commands. This is somewhat similar to scsi whitelisting.

Patch 1: contains the new policy for io command control
Patch 2: changes the callers to use that

Kanchan Joshi (2):
  nvme: add the permission-policy for command control
  nvme: Make CAP_SYS_ADMIN fine-granular

 drivers/nvme/host/ioctl.c | 89 +++++++++++++++++++++++++--------------
 include/linux/nvme.h      |  1 +
 2 files changed, 58 insertions(+), 32 deletions(-)

--
2.25.1