| Message ID | 20210614122303.154378-1-Niklas.Cassel@wdc.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | allow blk-zoned ioctls without CAP_SYS_ADMIN | expand |
On Mon, Jun 14, 2021 at 12:23:19PM +0000, Niklas Cassel wrote: > From: Niklas Cassel <niklas.cassel@wdc.com> > > Allow the following blk-zoned ioctls: BLKREPORTZONE, BLKRESETZONE, > BLKOPENZONE, BLKCLOSEZONE, and BLKFINISHZONE to be performed without > CAP_SYS_ADMIN. > > Neither read() nor write() requires CAP_SYS_ADMIN, and considering > the close relationship between read()/write() and these ioctls, there > is no reason to require CAP_SYS_ADMIN for these ioctls either. > > Changes since v2: > -Drop the FMODE_READ check from patch 2/2. > Right now it is possible to open() the device with O_WRONLY > and get the zone report from that fd. Therefore adding a > FMODE_READ check on BLKREPORTZONE would break existing applications. > Instead, just remove the existing CAP_SYS_ADMIN check. > > > Niklas Cassel (2): > blk-zoned: allow zone management send operations without CAP_SYS_ADMIN > blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN > > block/blk-zoned.c | 6 ------ > 1 file changed, 6 deletions(-) > > -- > 2.31.1 Hello Jens, A gentle ping on this series. I think it has sufficient Reviewed-by tags by now. Kind regards, Niklas
On Mon, Jun 28, 2021 at 09:20:15AM +0200, Niklas Cassel wrote: > On Mon, Jun 14, 2021 at 12:23:19PM +0000, Niklas Cassel wrote: > > From: Niklas Cassel <niklas.cassel@wdc.com> > > > > Allow the following blk-zoned ioctls: BLKREPORTZONE, BLKRESETZONE, > > BLKOPENZONE, BLKCLOSEZONE, and BLKFINISHZONE to be performed without > > CAP_SYS_ADMIN. > > > > Neither read() nor write() requires CAP_SYS_ADMIN, and considering > > the close relationship between read()/write() and these ioctls, there > > is no reason to require CAP_SYS_ADMIN for these ioctls either. > > > > Changes since v2: > > -Drop the FMODE_READ check from patch 2/2. > > Right now it is possible to open() the device with O_WRONLY > > and get the zone report from that fd. Therefore adding a > > FMODE_READ check on BLKREPORTZONE would break existing applications. > > Instead, just remove the existing CAP_SYS_ADMIN check. > > > > > > Niklas Cassel (2): > > blk-zoned: allow zone management send operations without CAP_SYS_ADMIN > > blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN > > > > block/blk-zoned.c | 6 ------ > > 1 file changed, 6 deletions(-) > > > > -- > > 2.31.1 > > Hello Jens, > > > A gentle ping on this series. > > I think it has sufficient Reviewed-by tags by now. > > > Kind regards, > Niklas Hello again Jens, any chance of this series being picked up? Kind regards, Niklas
> -----Original Message----- > From: Niklas Cassel <Niklas.Cassel@wdc.com> > Sent: Monday, July 5, 2021 4:57 PM > To: Jens Axboe <axboe@kernel.dk>; Jens Axboe <axboe@fb.com> > Cc: linux-block@vger.kernel.org; linux-kernel@vger.kernel.org > Subject: Re: [PATCH v3 0/2] allow blk-zoned ioctls without CAP_SYS_ADMIN > > On Mon, Jun 28, 2021 at 09:20:15AM +0200, Niklas Cassel wrote: > > On Mon, Jun 14, 2021 at 12:23:19PM +0000, Niklas Cassel wrote: > > > From: Niklas Cassel <niklas.cassel@wdc.com> > > > > > > Allow the following blk-zoned ioctls: BLKREPORTZONE, BLKRESETZONE, > > > BLKOPENZONE, BLKCLOSEZONE, and BLKFINISHZONE to be performed without > > > CAP_SYS_ADMIN. > > > > > > Neither read() nor write() requires CAP_SYS_ADMIN, and considering > > > the close relationship between read()/write() and these ioctls, > > > there is no reason to require CAP_SYS_ADMIN for these ioctls either. > > > > > > Changes since v2: > > > -Drop the FMODE_READ check from patch 2/2. > > > Right now it is possible to open() the device with O_WRONLY and get > > > the zone report from that fd. Therefore adding a FMODE_READ check on > > > BLKREPORTZONE would break existing applications. > > > Instead, just remove the existing CAP_SYS_ADMIN check. > > > > > > > > > Niklas Cassel (2): > > > blk-zoned: allow zone management send operations without CAP_SYS_ADMIN > > > blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN > > > > > > block/blk-zoned.c | 6 ------ > > > 1 file changed, 6 deletions(-) > > > > > > -- > > > 2.31.1 > > > > Hello Jens, > > > > > > A gentle ping on this series. > > > > I think it has sufficient Reviewed-by tags by now. > > > > > > Kind regards, > > Niklas > > Hello again Jens, > > > any chance of this series being picked up? > Hello Jens, Gentle ping. Could you please take a look at this series ? Thanks, Aravind > > Kind regards, > Niklas
From: Niklas Cassel <niklas.cassel@wdc.com> Allow the following blk-zoned ioctls: BLKREPORTZONE, BLKRESETZONE, BLKOPENZONE, BLKCLOSEZONE, and BLKFINISHZONE to be performed without CAP_SYS_ADMIN. Neither read() nor write() requires CAP_SYS_ADMIN, and considering the close relationship between read()/write() and these ioctls, there is no reason to require CAP_SYS_ADMIN for these ioctls either. Changes since v2: -Drop the FMODE_READ check from patch 2/2. Right now it is possible to open() the device with O_WRONLY and get the zone report from that fd. Therefore adding a FMODE_READ check on BLKREPORTZONE would break existing applications. Instead, just remove the existing CAP_SYS_ADMIN check. Niklas Cassel (2): blk-zoned: allow zone management send operations without CAP_SYS_ADMIN blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN block/blk-zoned.c | 6 ------ 1 file changed, 6 deletions(-)