On 09/08/2021 11:50, Niklas Cassel wrote:
From: Niklas Cassel niklas.cassel@wdc.com
Zone management send operations (BLKRESETZONE, BLKOPENZONE, BLKCLOSEZONE and BLKFINISHZONE) should be allowed under the same permissions as write(). (write() does not require CAP_SYS_ADMIN).
Additionally, other ioctls like BLKSECDISCARD and BLKZEROOUT only check if the fd was successfully opened with FMODE_WRITE. (They do not require CAP_SYS_ADMIN).
Currently, zone management send operations require both CAP_SYS_ADMIN and that the fd was successfully opened with FMODE_WRITE.
Remove the CAP_SYS_ADMIN requirement, so that zone management send operations match the access control requirement of write(), BLKSECDISCARD and BLKZEROOUT.
Fixes: 3ed05a987e0f ("blk-zoned: implement ioctls") Signed-off-by: Niklas Cassel niklas.cassel@wdc.com Reviewed-by: Damien Le Moal damien.lemoal@wdc.com Reviewed-by: Aravind Ramesh aravind.ramesh@wdc.com Reviewed-by: Adam Manzanares a.manzanares@samsung.com Reviewed-by: Himanshu Madhani himanshu.madhani@oracle.com Cc: stable@vger.kernel.org # v4.10+
Looks good, Reviewed-by: Johannes Thumshirn johannes.thumshirn@wdc.com