Hello, Stefan Hajnoczi suggested un-privileged ublk device[1] for container use case. So far only administrator can create/control ublk device which is too strict and increase system administrator burden, and this patchset implements un-privileged ublk device: - any user can create ublk device, which can only be controlled & accessed by the owner of the device or administrator For using such mechanism, system administrator needs to deploy two simple udev rules[2] after running 'make install' in ublksrv. Userspace(ublksrv): https://github.com/ming1/ubdsrv/tree/unprivileged-ublk 'ublk add -t $TYPE --un_privileged' is for creating one un-privileged ublk device if the user is un-privileged. [1] https://lore.kernel.org/linux-block/YoOr6jBfgVm8GvWg@stefanha-x1.localdomain/ [2] https://github.com/ming1/ubdsrv/blob/unprivileged-ublk/README.rst#un-privileged-mode V4: - only allow to create unprivileged udev for current user, as suggested by Jonathan Corbet - fix misc bug for handling failure - add detailed document - update userspace V3: - don't warn on invalid user input for setting devt parameter, as suggested by Ziyang, patch 4/6 - fix one memory corruption issue, patch 6/6 V2: - fix "ublk_ctrl_uring_cmd_permission() error: uninitialized symbol 'mask'", reported by Dan Carpenter' test robot - address Ziyang's comment on dealing with nr_privileged_daemon Ming Lei (6): ublk_drv: remove nr_aborted_queues from ublk_device ublk_drv: don't probe partitions if the ubq daemon isn't trusted ublk_drv: move ublk_get_device_from_id into ublk_ctrl_uring_cmd ublk_drv: add device parameter UBLK_PARAM_TYPE_DEVT ublk_drv: add module parameter of ublks_max for limiting max allowed ublk dev ublk_drv: add mechanism for supporting unprivileged ublk device Documentation/block/ublk.rst | 49 ++++- drivers/block/ublk_drv.c | 341 ++++++++++++++++++++++++---------- include/uapi/linux/ublk_cmd.h | 49 ++++- 3 files changed, 332 insertions(+), 107 deletions(-) -- 2.31.1
