Hello, > > Resetting a bus from an end device only works if it's the only function > > on or below that bus. > > > > Provide an attribute on the pci_dev bridge device that can perform the > > secondary bus reset. This makes it possible for a user to safely reset > > multiple devices in a single command using the secondary bus reset > > action. > > Hi Bjorn, just want to check in. Do you have concerns remaining for this > feature? Would you have anything against if we put this new bus reset sysfs object access behind the following test? if (!capable(CAP_SYS_ADMIN)) return -EPERM; This is irregardless of what the permissions on the sysfs objects from the DAC point of view are set to. Checking CAP_SYS_ADMIN capability, to improve our default security stance, on a number of important sysfs objects (e.g., reset, remove, etc.) we have was something I discussed in the past with Bjorn, but never got around to sending a patch to add this check. Thoughts? Krzysztof
