On Mon, Oct 23, 2023 at 09:18:36AM -0600, Keith Busch wrote:
> On Mon, Oct 23, 2023 at 07:44:56AM +0200, Christoph Hellwig wrote:
> > Yes, you need someone with root access to change the device node
> > permissions. But we allowed that under the assumption it is safe
> > to do so, which it turns out it is not.
>
> Okay, iiuc, while we have to opt-in to allow this hole, we need another
> option for users to set to allow this usage because it's not safe.
>
> Here are two options I have considered for unprivileged access, please
> let me know if you have others or thoughts.
>
> Restrict access for processes with CAP_SYS_RAWIO, which can be granted
> to non-root users. This cap is already used in scsi subsystem, too.

Well, that's sensible in general.

> A per nvme-generic namespace sysfs attribute that only root can toggle
> that would override any caps and just rely on access permissions.

And that I'm not confident about as long as we can only use the broken
PRP scheme on NVMe.