[PATCH v2] nvme: remove unprivileged passthrough support

Keith Busch kbusch at kernel.org
Thu Oct 26 08:15:11 PDT 2023


On Thu, Oct 26, 2023 at 08:01:36PM +0530, Kanchan Joshi wrote:
> On 10/24/2023 12:37 PM, Christoph Hellwig wrote:
> > On Mon, Oct 23, 2023 at 09:18:36AM -0600, Keith Busch wrote:
> >> On Mon, Oct 23, 2023 at 07:44:56AM +0200, Christoph Hellwig wrote:
> >>> Yes, you need someone with root access to change the device node
> >>> permissions.  But we allowed that under the assumption it is safe
> >>> to do so, which it turns out it is not.
> >>
> >> Okay, iiuc, while we have to opt-in to allow this hole, we need another
> >> option for users to set to allow this usage because it's not safe.
> >>
> >> Here are two options I have considered for unprivileged access, please
> >> let me know if you have others or thoughts.
> >>
> >>    Restrict access for processes with CAP_SYS_RAWIO, which can be granted
> >>    to non-root users. This cap is already used in scsi subsystem, too.
> > 
> > Well, that's sensible in general.
> 
> With that someone needs to make each binary (that wants to use 
> passthrough) capability-aware by doing:
> 
> setcap "CAP_SYS_RAWIO=ep" <binary>
> 
> Seems extra work for admins (or distros if they need to ship the binary 
> that way).

The way I usually see it done is add the capability to the user so any
binary executed by that user already has the caps.
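An added example (not from the thread or from the kernel or nvme-cli code) showing how a user or admin can verify that a CAP_SYS_RAWIO grant, whether by setcap on the binary or per-user, actually reached a process's effective set: it parses the CapEff mask from /proc/self/status rather than linking libcap. The CAP_SYS_RAWIO value 17 is taken from linux/capability.h; the fallback define only covers builds without that header.

```c
/* Check whether this process holds CAP_SYS_RAWIO in its effective set,
 * reading the "CapEff:" hex mask from /proc/self/status. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#ifdef __linux__
#include <linux/capability.h>
#endif
#ifndef CAP_SYS_RAWIO
#define CAP_SYS_RAWIO 17 /* value from linux/capability.h */
#endif

/* 1 if capability number `cap` is set in a 64-bit hex mask (the format of
 * CapEff/CapPrm in /proc/<pid>/status), 0 if clear, -1 on bad input. */
int cap_in_mask(const char *hex, int cap)
{
    char *end;
    errno = 0;
    unsigned long long mask = strtoull(hex, &end, 16); /* skips leading tab */
    if (errno || end == hex || cap < 0 || cap > 63)
        return -1;
    return (int)((mask >> cap) & 1ULL);
}

/* 1/0 if the running process has `cap` effective, -1 if /proc/self/status
 * cannot be read (e.g. on a non-Linux system). */
int proc_has_cap(int cap)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int r = -1;
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            r = cap_in_mask(line + 7, cap);
            break;
        }
    }
    fclose(f);
    return r;
}

int main(void)
{
    int r = proc_has_cap(CAP_SYS_RAWIO);
    printf("CAP_SYS_RAWIO effective: %s\n",
           r == 1 ? "yes" : r == 0 ? "no" : "unknown");
    return r == 1 ? 0 : 1;
}
```

Run it as the user in question after the grant (for example after a new login when the capability is assigned per user); "no" means the binary would still be refused under a CAP_SYS_RAWIO check.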
