Message-Id: <20210218170947.15727-1-mario.limonciello@dell.com>
Date: Thu, 18 Feb 2021 11:09:45 -0600
From: Mario Limonciello <mario.limonciello@...l.com>
To: Keith Busch <kbusch@...nel.org>
Cc: Jens Axboe <axboe@...com>, Christoph Hellwig <hch@....de>,
Sagi Grimberg <sagi@...mberg.me>,
linux-nvme@...ts.infradead.org,
LKML <linux-kernel@...r.kernel.org>,
Richard Hughes <hughsient@...il.com>, jorgelo@...omium.org,
campello@...gle.com, Mario Limonciello <mario.limonciello@...l.com>
Subject: [RFC 0/2] Split out firmware upgrade from CAP_SYS_ADMIN

Currently NVME (and probably other drivers) require CAP_SYS_ADMIN to
send all commands to the device. This means that software running
in userspace needs the stronger CAP_SYS_ADMIN permission when realistically
a more limited subset of functionality is actually needed.

To allow software that performs firmware upgrades to run without CAP_SYS_ADMIN,
create a new capability CAP_FIRMWARE_UPGRADE that software can run with.

For the RFC, only include NVME. Other drivers can be added if suggested.

Mario Limonciello (2):
  capability: Introduce CAP_FIRMWARE_UPGRADE
  nvme: Use CAP_FIRMWARE_UPGRADE to check user commands

 drivers/nvme/host/core.c            | 28 ++++++++++++++++++++++++----
 include/linux/capability.h          |  5 +++++
 include/uapi/linux/capability.h     |  7 ++++++-
 security/selinux/include/classmap.h |  4 ++--
 4 files changed, 37 insertions(+), 7 deletions(-)

--
2.25.1