Re: [RFC] block: relax permission for Persistent Reservations ioctl

From: Christoph Hellwig
Date: Sat Jun 10 2023 - 02:12:07 EST

Next message: syzbot: "[syzbot] [udf?] KASAN: slab-use-after-free Read in udf_free_blocks"
Previous message: Alan Huang: "Re: [PATCH 4/4] Docs/RCU/rculist_nulls: Drop unnecessary '_release' in insert function"
In reply to: Jingbo Xu: "[RFC] block: relax permission for Persistent Reservations ioctl"
Next in thread: Jingbo Xu: "Re: [RFC] block: relax permission for Persistent Reservations ioctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jun 09, 2023 at 06:21:22PM +0800, Jingbo Xu wrote:
> When the shared storage is accessed from containers [1], it's not
> recommended to grant CAP_SYS_ADMIN to containers for access to
> Persistent Reservations in risk of container escape.
>
> Remove the extra CAP_SYS_ADMIN permission constraint for Persistent
> Reservations ioctl which shall do no harm [2].

I think we still to check that if CAP_SYS_ADMIN is not present,
the file descriptors needs to be open for write, and we're not called
on a partition (the latter should probbaly be always checked,
as a reservation for a partitions doesn't make sense).

But in general I think relaxing this is a good idea, we just need to
be very careful. Looking at the discussion of unprivileged nvme
command passthrough might be a good start.

Next message: syzbot: "[syzbot] [udf?] KASAN: slab-use-after-free Read in udf_free_blocks"
Previous message: Alan Huang: "Re: [PATCH 4/4] Docs/RCU/rculist_nulls: Drop unnecessary '_release' in insert function"
In reply to: Jingbo Xu: "[RFC] block: relax permission for Persistent Reservations ioctl"
Next in thread: Jingbo Xu: "Re: [RFC] block: relax permission for Persistent Reservations ioctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]