From: "Adel Gadllah" <adel.gadllah@xxxxxxxxx> Subject: [PATCH/RFC v3] allow userspace to modify scsi command filter on per device basis Date: Mon, 16 Jun 2008 11:22:56 +0200 > 2008/6/16 FUJITA Tomonori <fujita.tomonori@xxxxxxxxxxxxx>: > > No, sg has own command filtering mechanism, see sg_allow_access(). > > > > When we discussed the per-gendisk command filter before, I think that > > we agreed that we had better to have one command filtering mechanism. > > The attached patch converts sg to use the cmd_filter too. > The sg driver seems to verify commands for read access only. I have sg driver lets you perform any command if you have the write permission. > not changed this behaviour to avoid breaking things (userspace), > but if we want to change this I can submit another patch. Well, this changes sg behaviour since sg's allow_ops filter has a access permission different from blk_verify_command filter's. I guess that the first thing you need to do is that figuring out a proper access permission for each command, which sg maintainer, etc can agree. It's pretty hard and that's the reason why this patch has not been merged for years, I think. -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
