dgilbert@xxxxxxxxxxxx wrote on Wed, 18 Jun 2008 01:01 +0200: > IMO all command filtering should be dropped To add fuel to the fire: I carry a patch to hack around the SCSI filtering invoked by bsg to be able to use an object-based storage device (OSD). These devices have a fairly comprehensive policy framework that filters commands based on the object being accessed, and how it is accessed. User-space applications acquire credentials from a server somewhere on the network and craft SCSI commands that present these credentials to the device, which also likely sits remotely and is accessed via iSCSI or similar. OSD commands all have the same opcode 0x7f (variable length CDB), and the "service action" (read, write, create, flush, ...) is deeper in the CDB, along with the credentials. Filtering on the single byte 0x7f isn't useful, and the local kernel really has no role in mediating device access. Linux provides SCSI initiator services including discovery, transport, etc. but has no role in authenticating how applications use OSDs. -- Pete -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
