From: Ming Lei <ming.lei@redhat.com>
To: Jens Axboe <axboe@kernel.dk>
Cc: linux-block@vger.kernel.org,
	ZiyangZhang <ZiyangZhang@linux.alibaba.com>,
	Dan Carpenter <error27@gmail.com>, Ming Lei <ming.lei@redhat.com>
Subject: [PATCH V2 0/6] ublk_drv: add mechanism for supporting unprivileged ublk device
Date: Thu, 24 Nov 2022 11:04:48 +0800
Message-ID: <20221124030454.476152-1-ming.lei@redhat.com>

Hello,

Stefan Hajnoczi suggested an un-privileged ublk device[1] for the
container use case.

So far only the administrator can create/control a ublk device, which is
too strict and increases the system administrator's burden, and this
patchset implements an un-privileged ublk device:

- any user can create a ublk device, which can only be controlled &
  accessed by the owner of the device or the administrator

To use this mechanism, the system administrator needs to deploy two
simple udev rules[2] after running 'make install' in ublksrv.

Userspace(ublksrv):

	https://github.com/ming1/ubdsrv/tree/unprivileged-ublk
    
'ublk add -t $TYPE --un_privileged' is for creating one un-privileged
ublk device if the user is un-privileged.


[1] https://lore.kernel.org/linux-block/YoOr6jBfgVm8GvWg@stefanha-x1.localdomain/
[2] https://github.com/ming1/ubdsrv/blob/unprivileged-ublk/README.rst#un-privileged-mode

V2:
	- fix "ublk_ctrl_uring_cmd_permission() error: uninitialized symbol 'mask'", reported
	by Dan Carpenter's test robot
	- address Ziyang's comment on dealing with nr_privileged_daemon

Ming Lei (6):
  ublk_drv: remove nr_aborted_queues from ublk_device
  ublk_drv: don't probe partitions if the ubq daemon isn't trusted
  ublk_drv: move ublk_get_device_from_id into ublk_ctrl_uring_cmd
  ublk_drv: add device parameter UBLK_PARAM_TYPE_DEVT
  ublk_drv: add module parameter of ublks_max for limiting max allowed
    ublk dev
  ublk_drv: add mechanism for supporting unprivileged ublk device

 Documentation/block/ublk.rst  |  18 +-
 drivers/block/ublk_drv.c      | 336 ++++++++++++++++++++++++----------
 include/uapi/linux/ublk_cmd.h |  49 ++++-
 3 files changed, 296 insertions(+), 107 deletions(-)

-- 
2.31.1


Thread overview: 12+ messages
2022-11-24  3:04 Ming Lei [this message]
2022-11-24  3:04 ` [PATCH V2 1/6] ublk_drv: remove nr_aborted_queues from ublk_device Ming Lei
2022-11-24  3:04 ` [PATCH V2 2/6] ublk_drv: don't probe partitions if the ubq daemon isn't trusted Ming Lei
2022-11-24  6:48   ` Ziyang Zhang
2022-11-24  3:04 ` [PATCH V2 3/6] ublk_drv: move ublk_get_device_from_id into ublk_ctrl_uring_cmd Ming Lei
2022-11-24  7:46   ` Ziyang Zhang
2022-11-24  3:04 ` [PATCH V2 4/6] ublk_drv: add device parameter UBLK_PARAM_TYPE_DEVT Ming Lei
2022-11-25  7:13   ` Ziyang Zhang
2022-12-07  2:31     ` Ming Lei
2022-11-24  3:04 ` [PATCH V2 5/6] ublk_drv: add module parameter of ublks_max for limiting max allowed ublk dev Ming Lei
2022-11-25  7:27   ` Ziyang Zhang
2022-11-24  3:04 ` [PATCH V2 6/6] ublk_drv: add mechanism for supporting unprivileged ublk device Ming Lei
