On Mon, May 31, 2021 at 01:54:53PM +0000, Niklas Cassel wrote: > From: Niklas Cassel <niklas.cassel@xxxxxxx> > > Performing a BLKREPORTZONE operation should be allowed under the same > permissions as read(). (read() does not require CAP_SYS_ADMIN). > > Remove the CAP_SYS_ADMIN requirement, and instead check that the fd was > successfully opened with FMODE_READ. This way BLKREPORTZONE will match > the access control requirement of read(). Does this mean that a process that does not have read nor write access to the device itself (blocks) is capable of reading the zone information? Eg. some monitoring tool.
