mbox series

[v5,0/2] allow blk-zoned ioctls without CAP_SYS_ADMIN

Message ID 20210811110505.29649-1-Niklas.Cassel@wdc.com (mailing list archive)
Headers show
Series allow blk-zoned ioctls without CAP_SYS_ADMIN | expand

Message

Niklas Cassel Aug. 11, 2021, 11:05 a.m. UTC 
From: Niklas Cassel <niklas.cassel@wdc.com>

Allow the following blk-zoned ioctls: BLKREPORTZONE, BLKRESETZONE,
BLKOPENZONE, BLKCLOSEZONE, and BLKFINISHZONE to be performed without
CAP_SYS_ADMIN.

Neither read() nor write() requires CAP_SYS_ADMIN, and considering
the close relationship between read()/write() and these ioctls, there
is no reason to require CAP_SYS_ADMIN for these ioctls either.

Changes since v4:
-Picked up additional Reviewed-by tags.
-Corrected Damien's email in patch 2/2.

Changes since v3:
-Picked up additional Reviewed-by tags.

Changes since v2:
-Dropped the FMODE_READ check from patch 2/2.

Changes since v1:
-Picked up tags from Damien.
-Added fixes tags.


Niklas Cassel (2):
  blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
  blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN

 block/blk-zoned.c | 6 ------
 1 file changed, 6 deletions(-)

Comments

Jens Axboe Aug. 24, 2021, 4:13 p.m. UTC | #1 
On 8/11/21 5:05 AM, Niklas Cassel wrote:
> From: Niklas Cassel <niklas.cassel@wdc.com>
> 
> Allow the following blk-zoned ioctls: BLKREPORTZONE, BLKRESETZONE,
> BLKOPENZONE, BLKCLOSEZONE, and BLKFINISHZONE to be performed without
> CAP_SYS_ADMIN.
> 
> Neither read() nor write() requires CAP_SYS_ADMIN, and considering
> the close relationship between read()/write() and these ioctls, there
> is no reason to require CAP_SYS_ADMIN for these ioctls either.

Applied, thanks.