Re: [Patch] scsi_ioctl: support persistent reserve commands for non-root user.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote on 
2015/08/04 09:32:17:
> On Tue, 2015-08-04 at 09:11 +0800, jiang.biao2@xxxxxxxxxx wrote:
> > scsi_ioctl: support persistent reserve commands through ioctl for
> > non-root user.
> > 
> > Scsi persistent reserve commands need to be used for non-root user in
> > many scenarios.
> > EPERM error will be returned by sg_io() when PERSISTENT_RESERVE_OUT
> > or PERSISTENT_RESERVE_IN command is sent through ioctl() for
> > non-root user.
> > Add PERSISTENT_RESERVE_OUT and PERSISTENT_RESERVE_IN into
> > blk_default_cmd_filter in blk_set_cmd_filter_defaults() to support 
> > persistent reserve commands for non-root user.
> 
> I'm very dubious about this: a PR third party reservation can deny
> access to the local device ... effectively allowing any local user to
> cause I/O errors on all devices by issuing a bogus third party
> reservation.  What's the reason for allowing non-root use in the first
> place?
> 

Hi, Jams. 
Our scenario is using persistent reservation in KVM guest cluster 
when passing through the disk to the guests. The cluster 
software(MSCS, for instance) need to use PR to synchronize the 
cocurrent access to the shared disk. Because the KVM guest is 
running in qemu context, it could not be root.

As to your concerns, should the the bogus reservation and illegal 
access be limited by the other measures, for example, the mode of 
the dev file? Similarly, the *Basic writing commands(WRITE_*)* are 
also dangerous for non-root, but they must be used be by non-root 
user, so they are controlled by file mode and other security 
measures, and not limited it the first place.

Thanks a lot.

��.n��������+%������w��{.n�����{������ܨ}���Ơz�j:+v�����w����ޙ��&�)ߡ�a����z�ޗ���ݢj��w�f




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux