From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Christoph Hellwig <hch@infradead.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
linux-kernel@vger.kernel.org, linux-scsi@vger.kernel.org,
Hannes Reinecke <hare@suse.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
James Bottomley <James.Bottomley@hansenpartnership.com>
Subject: Re: [PATCH 0/3] SG_IO command filtering via sysfs
Date: Sun, 11 Nov 2018 08:42:42 -0500
Message-ID: <20181111134241.GA2447@thunk.org>
In-Reply-To: <20181111131445.GB25441@infradead.org>

On Sun, Nov 11, 2018 at 05:14:45AM -0800, Christoph Hellwig wrote:
> I think this goes in the wrong way. There isn't really any point
> in filtering at all if we have access to the whole device by the
> file permissions, and we generally should not allow any access for
> partitions.

It really depends on the security model being used on a particular
system. I can easily imagine scenarios where userspace is allowed
full access to the device with respect to read/write/open, but the
security model doesn't want to allow access to various SCSI commands
such as firmware upload commands, TCG commands, the
soon-to-be-standardized Zone Activation Commands (which allow dynamic
conversion of HDD recording modes between CMR and SMR), etc.

And this is before we get to crazy container / namespace scenarios.
And *no*, let's not have a SG_IO namespace! :-)

> I think we need to simplify the selection, not add crazy amounts of
> special case code.

I have the opposite opinion in terms of wanting more complex
filtering rules, but I also agree that special case C code is not the
answer --- and why I suggested that eBPF filtering rules is the right
way to go.

- Ted