[PATCH v2] nvme: remove unprivileged passthrough support
Kanchan Joshi
joshi.k at samsung.com
Thu Oct 26 07:31:36 PDT 2023
On 10/24/2023 12:37 PM, Christoph Hellwig wrote:
> On Mon, Oct 23, 2023 at 09:18:36AM -0600, Keith Busch wrote:
>> On Mon, Oct 23, 2023 at 07:44:56AM +0200, Christoph Hellwig wrote:
>>> Yes, you need someone with root access to change the device node
>>> permissions. But we allowed that under the assumption it is safe
>>> to do so, which it turns out it is not.
>>
>> Okay, iiuc, while we have to opt-in to allow this hole, we need another
>> option for users to set to allow this usage because it's not safe.
>>
>> Here are two options I have considered for unprivileged access, please
>> let me know if you have others or thoughts.
>>
>> Restrict access for processes with CAP_SYS_RAWIO, which can be granted
>> to non-root users. This cap is already used in scsi subsystem, too.
>
> Well, that's sensible in general.
With that someone needs to make each binary (that wants to use
passthrough) capability-aware by doing:
setcap "CAP_SYS_RAWIO=ep" <binary>
Seems extra work for admins (or distros if they need to ship the binary
that way).
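The thread proposes gating passthrough on CAP_SYS_RAWIO and notes that each consuming binary would then need file capabilities via setcap. The following is an added example, not code from the thread or from the nvme driver: a small userspace check that reads the CapBnd/CapPrm/CapEff masks from /proc/self/status and reports whether the running process actually holds CAP_SYS_RAWIO. It assumes the capability number 17 from linux/capability.h and the "CapXxx:<tab><hex mask>" line format of /proc/<pid>/status; the sample status lines used in testing are constructed, not captured from a real system.

```c
/* Added example (not from the linux-nvme thread): does this process hold
 * CAP_SYS_RAWIO? After `setcap CAP_SYS_RAWIO=ep <binary>` the bit should
 * show up in both CapPrm and CapEff of /proc/self/status. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <errno.h>

#ifdef __linux__
#include <linux/capability.h>
#endif
#ifndef CAP_SYS_RAWIO
#define CAP_SYS_RAWIO 17   /* value from linux/capability.h (assumed) */
#endif

/* Parse the hex mask following "<key>:" in /proc/<pid>/status text.
 * Lines look like "CapEff:\t000001ffffffffff". Returns 0 if the key is
 * absent or the value is malformed, i.e. "no capabilities". */
static uint64_t cap_mask_from_status(const char *status_text, const char *key)
{
    size_t klen = strlen(key);
    const char *p = status_text;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == ':') {
            const char *v = p + klen + 1;
            while (*v == ' ' || *v == '\t')
                v++;
            char *end;
            errno = 0;
            unsigned long long m = strtoull(v, &end, 16);
            if (end == v || errno != 0)
                return 0;
            return (uint64_t)m;
        }
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return 0;
}

/* True if capability number `cap` is set in the named set (CapBnd,
 * CapPrm, CapEff, CapInh, CapAmb). */
static int status_has_cap(const char *status_text, const char *set, int cap)
{
    if (cap < 0 || cap > 63)
        return 0;
    return (int)((cap_mask_from_status(status_text, set) >> cap) & 1u);
}

/* Read /proc/self/status into buf; returns NULL where procfs is absent. */
static char *read_self_status(char *buf, size_t len)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return NULL;
    size_t n = fread(buf, 1, len - 1, f);
    fclose(f);
    buf[n] = '\0';
    return buf;
}

int main(void)
{
    char buf[8192];
    if (!read_self_status(buf, sizeof buf)) {
        perror("/proc/self/status");
        return 1;
    }
    const char *sets[] = { "CapBnd", "CapPrm", "CapEff" };
    for (size_t i = 0; i < 3; i++)
        printf("%s: CAP_SYS_RAWIO %s\n", sets[i],
               status_has_cap(buf, sets[i], CAP_SYS_RAWIO) ? "set" : "clear");
    /* A kernel check of the capable(CAP_SYS_RAWIO) kind looks only at the
     * effective set: permitted-but-not-effective is still a denial. */
    return status_has_cap(buf, "CapEff", CAP_SYS_RAWIO) ? 0 : 2;
}
```

Build it, run it as an unprivileged user (all three sets should read "clear"), then `setcap cap_sys_rawio=ep ./capcheck` as root and run it again: the permitted and effective bits appear, while the bounding set was already populated. Running it through `getcap ./capcheck` confirms what the file carries. This is the per-binary step the post above objects to; the check also makes clear why a binary granted `cap_sys_rawio=p` alone (permitted, not effective) would still be refused by a capable()-style test.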