On 6/10/23 2:06 PM, Christoph Hellwig wrote:
> On Fri, Jun 09, 2023 at 06:21:22PM +0800, Jingbo Xu wrote:
>> When the shared storage is accessed from containers [1], it's not
>> recommended to grant CAP_SYS_ADMIN to containers for access to
>> Persistent Reservations in risk of container escape.
>>
>> Remove the extra CAP_SYS_ADMIN permission constraint for Persistent
>> Reservations ioctl which shall do no harm [2].
>
> I think we still need to check that if CAP_SYS_ADMIN is not present,
> the file descriptor needs to be open for write, and we're not called
> on a partition (the latter should probably be always checked,
> as a reservation for a partition doesn't make sense).
>
> But in general I think relaxing this is a good idea, we just need to
> be very careful. Looking at the discussion of unprivileged nvme
> command passthrough might be a good start.

Hi,

Thanks for the reply. It seems I need to dive deeper into details of
Persistent Reservations protocol and the permission control you
mentioned in nvme command passthrough.

Thanks for your suggestions. I will send a new version later.

--
Thanks,
Jingbo