[PATCH v2] nvme: remove unprivileged passthrough support
Christoph Hellwig
hch at lst.de
Tue Oct 24 00:07:59 PDT 2023
On Mon, Oct 23, 2023 at 09:18:36AM -0600, Keith Busch wrote:
> On Mon, Oct 23, 2023 at 07:44:56AM +0200, Christoph Hellwig wrote:
> > Yes, you need someone with root access to change the device node
> > permissions. But we allowed that under the assumption it is safe
> > to do so, which it turns out it is not.
>
> Okay, iiuc, while we have to opt-in to allow this hole, we need another
> option for users to set to allow this usage because it's not safe.
>
> Here are two options I have considered for unprivileged access, please
> let me know if you have others or thoughts.
>
> Restrict access for processes with CAP_SYS_RAWIO, which can be granted
> to non-root users. This cap is already used in scsi subsystem, too.
Well, that's sensible in general.
> A per nvme-generic namespace sysfs attribute that only root can toggle
> that would override any caps and just rely on access permissions.
And that I'm not confident about as long as we can only use the broken
PRP scheme on NVMe.
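Under the CAP_SYS_RAWIO gating proposed above, an administrator auditing which processes would still be able to reach the passthrough path needs to check the effective capability set, not just the uid. The following is an added example, not code from this thread or from the nvme driver: a small userspace C tool that parses the CapEff mask as printed in /proc/<pid>/status and reports whether CAP_SYS_RAWIO (bit 17 in linux/capability.h) is held. The status excerpt embedded in the program is constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Bit index of CAP_SYS_RAWIO in the kernel's capability bitmasks
 * (see linux/capability.h). */
#define CAP_SYS_RAWIO_BIT 17

/* Constructed excerpt of a /proc/<pid>/status file, for demonstration only:
 * a process that holds CAP_SYS_RAWIO (0x20000 == 1 << 17) and nothing else. */
static const char SAMPLE_STATUS[] =
    "Name:\tnvme-tool\n"
    "Uid:\t1000\t1000\t1000\t1000\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000020000\n"
    "CapEff:\t0000000000020000\n"
    "CapBnd:\t000001ffffffffff\n";

/* Extract the hex mask that follows a "CapXxx:" field in status text.
 * Returns 1 on success, 0 if the field is absent or unparsable. */
static int cap_mask_from_status(const char *status_text, const char *field,
                                uint64_t *mask_out)
{
    const char *p = strstr(status_text, field);
    if (!p)
        return 0;
    p += strlen(field);
    while (*p == ' ' || *p == '\t')
        p++;
    char *end;
    uint64_t mask = strtoull(p, &end, 16);
    if (end == p)
        return 0;
    *mask_out = mask;
    return 1;
}

/* Return 1 if the effective capability set contains CAP_SYS_RAWIO,
 * 0 otherwise (including when no CapEff line is present). */
int has_sys_rawio_effective(const char *status_text)
{
    uint64_t eff;
    if (!cap_mask_from_status(status_text, "CapEff:", &eff))
        return 0;
    return (int)((eff >> CAP_SYS_RAWIO_BIT) & 1);
}

/* Evaluate the constructed sample; kept as a function so it can be checked. */
int sample_has_sys_rawio(void)
{
    return has_sys_rawio_effective(SAMPLE_STATUS);
}

/* Read the calling process's own /proc/self/status into a buffer.
 * Returns a heap string the caller frees, or NULL on failure. */
static char *read_self_status(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return NULL;
    size_t cap = 4096, len = 0;
    char *buf = malloc(cap);
    if (!buf) {
        fclose(f);
        return NULL;
    }
    size_t n;
    while ((n = fread(buf + len, 1, cap - len - 1, f)) > 0) {
        len += n;
        if (len + 1 >= cap) {
            cap *= 2;
            char *nb = realloc(buf, cap);
            if (!nb) {
                free(buf);
                fclose(f);
                return NULL;
            }
            buf = nb;
        }
    }
    buf[len] = '\0';
    fclose(f);
    return buf;
}

int main(void)
{
    printf("constructed sample: CAP_SYS_RAWIO effective = %d\n",
           sample_has_sys_rawio());
    char *self = read_self_status();
    if (self) {
        printf("this process:       CAP_SYS_RAWIO effective = %d\n",
               has_sys_rawio_effective(self));
        free(self);
    }
    return 0;
}
```

The same parser can be pointed at /proc/<pid>/status for any process of interest; a process that shows CAP_SYS_RAWIO in CapEff would pass the capability check even when its uid is not 0, which is precisely why the second proposal (a root-only sysfs toggle that bypasses the capability test) deserves the scepticism expressed above.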