* [RFC PATCH 0/4] SG_IO filtering via sysfs and minimal whitelist
@ 2013-05-27 13:50 Paolo Bonzini
2013-06-25 21:19 ` Paolo Bonzini
0 siblings, 1 reply; 3+ messages in thread
From: Paolo Bonzini @ 2013-05-27 13:50 UTC (permalink / raw)
To: linux-kernel; +Cc: tj, msnitzer, ksievers, jbottomley, axboe, linux-scsi
On Wed, 12 Sep 2012 09:05:41 +0100, James Bottomley wrote:
> This is why the whole filter thing was mutable via sysfs. That way the
> admin could set this up per device. It sounds like this is what you
> want to fix, rather than opening up more holes in an already leaky
> security apparatus. The ideal is that we would be much more restrictive
> by default and give root the ability to override this both globally and
> per-device to conform to whatever policy it has for the virtual
> environments.
>
> The patch which removed all of the sysfs pieces was:
>
> commit 018e0446890661504783f92388ecce7138c1566d
> Author: Jens Axboe <jens.axboe@oracle.com>
> Date: Fri Jun 26 16:27:10 2009 +0200
>
> block: get rid of queue-private command filter
>
> So that's probably the place to start for putting it back properly.
[https://lkml.org/lkml/2012/9/12/76]
We've been running in circles for nine months now. Let's restart from
the maintainer's suggestion, which was probably dismissed too quickly.
This is still not a complete solution, because /dev/sgN does not have
access to its queue object. Still, it can be a base for discussion.
If accepted (in a complete form with access to the queue object for
non-block devices), this series removes the need to fix the opcode
conflicts as far as I'm concerned. We could just consider that a
feature of CONFIG_BLK_DEV_SG_FILTER_MMC.
Previously posted at https://lkml.org/lkml/2012/9/25/397 (short thread).
Rebased just fine, this one is compile-tested only.
Paolo
Paolo Bonzini (4):
block: add back queue-private command filter
scsi: create an all-zero filter for scanners
block: add back command filter modification via sysfs
scsi: lock out SG_IO by default to unprivileged users
Documentation/block/queue-sysfs.txt | 16 +++++
block/Kconfig | 22 ++++++
block/blk-sysfs.c | 43 ++++++++++++
block/bsg.c | 2 +-
block/scsi_ioctl.c | 131 +++++++++++++++++++++++++++++++-----
drivers/scsi/scsi_scan.c | 8 ++-
drivers/scsi/sg.c | 7 +-
include/linux/blkdev.h | 31 ++++++++-
8 files changed, 238 insertions(+), 22 deletions(-)
--
1.8.1.4
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [RFC PATCH 0/4] SG_IO filtering via sysfs and minimal whitelist
2013-05-27 13:50 [RFC PATCH 0/4] SG_IO filtering via sysfs and minimal whitelist Paolo Bonzini
@ 2013-06-25 21:19 ` Paolo Bonzini
2013-07-05 13:54 ` Paolo Bonzini
0 siblings, 1 reply; 3+ messages in thread
From: Paolo Bonzini @ 2013-06-25 21:19 UTC (permalink / raw)
Cc: linux-kernel, tj, msnitzer, ksievers, jbottomley, axboe,
linux-scsi
Il 27/05/2013 15:50, Paolo Bonzini ha scritto:
>
> We've been running in circles for nine months now. Let's restart from
> the maintainer's suggestion, which was probably dismissed too quickly.
>
> This is still not a complete solution, because /dev/sgN does not have
> access to its queue object. Still, it can be a base for discussion.
>
> If accepted (in a complete form with access to the queue object for
> non-block devices), this series removes the need to fix the opcode
> conflicts as far as I'm concerned. We could just consider that a
> feature of CONFIG_BLK_DEV_SG_FILTER_MMC.
>
> Previously posted at https://lkml.org/lkml/2012/9/25/397 (short thread).
> Rebased just fine, this one is compile-tested only.
>
> Paolo
RFC didn't get many Cs.
Paolo
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [RFC PATCH 0/4] SG_IO filtering via sysfs and minimal whitelist
2013-06-25 21:19 ` Paolo Bonzini
@ 2013-07-05 13:54 ` Paolo Bonzini
0 siblings, 0 replies; 3+ messages in thread
From: Paolo Bonzini @ 2013-07-05 13:54 UTC (permalink / raw)
To: linux-scsi; +Cc: linux-kernel, tj, msnitzer, ksievers, jbottomley, axboe
Il 25/06/2013 23:19, Paolo Bonzini ha scritto:
> Il 27/05/2013 15:50, Paolo Bonzini ha scritto:
>>
>> We've been running in circles for nine months now. Let's restart from
>> the maintainer's suggestion, which was probably dismissed too quickly.
>>
>> This is still not a complete solution, because /dev/sgN does not have
>> access to its queue object. Still, it can be a base for discussion.
>>
>> If accepted (in a complete form with access to the queue object for
>> non-block devices), this series removes the need to fix the opcode
>> conflicts as far as I'm concerned. We could just consider that a
>> feature of CONFIG_BLK_DEV_SG_FILTER_MMC.
>>
>> Previously posted at https://lkml.org/lkml/2012/9/25/397 (short thread).
>> Rebased just fine, this one is compile-tested only.
>>
>> Paolo
>
> RFC didn't get many Cs.
Ping^2.
Paolo
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-07-05 13:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-05-27 13:50 [RFC PATCH 0/4] SG_IO filtering via sysfs and minimal whitelist Paolo Bonzini
2013-06-25 21:19 ` Paolo Bonzini
2013-07-05 13:54 ` Paolo Bonzini
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).