On Thu, Jun 03, 2021 at 10:00:08AM +0000, Damien Le Moal wrote:
> On 2021/06/03 18:54, David Sterba wrote:
> > On Mon, May 31, 2021 at 01:54:53PM +0000, Niklas Cassel wrote:
> >> From: Niklas Cassel <niklas.cassel@xxxxxxx>
> >>
> >> Performing a BLKREPORTZONE operation should be allowed under the same
> >> permissions as read(). (read() does not require CAP_SYS_ADMIN).
> >>
> >> Remove the CAP_SYS_ADMIN requirement, and instead check that the fd was
> >> successfully opened with FMODE_READ. This way BLKREPORTZONE will match
> >> the access control requirement of read().
> >
> > Does this mean that a process that does not have read nor write access
> > to the device itself (blocks) is capable of reading the zone
> > information? Eg. some monitoring tool.
>
> With this change, to do a report zones, the process will only need to have read
> access to the device. And if it has read access, it also means that it can read
> the zones content.

Ok, so this is a bit restricting. The zone information is like block
device metadata; comparing it to a file that has permissions 0600, I can
see all the stat info (name, timestamps) but can't read the data. But as
the ioctl works, it needs a file descriptor and there's probably no way
to separate the permissions to read blocks and just the metadata.

For a monitoring/reporting tool this would be useful. Eg. for btrfs it
could be part of filesystem status overview regarding full or near-full
zones and emitting an early warning or poking some service to start the
reclaim.