On Mon, Oct 23, 2023 at 07:44:56AM +0200, Christoph Hellwig wrote:
> Yes, you need someone with root access to change the device node permissions. But we allowed that under the assumption it is safe to do so, which it turns out it is not.
Okay, IIUC, while we have to opt-in to allow this hole, we need another option for users to set to allow this usage because it's not safe.
Here are two options I have considered for unprivileged access, please let me know if you have others or thoughts.
1. Restrict access for processes with CAP_SYS_RAWIO, which can be granted to non-root users. This cap is already used in the scsi subsystem, too.
2. A per nvme-generic namespace sysfs attribute that only root can toggle that would override any caps and just rely on access permissions.
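The two proposals above differ in what gates a passthrough request once a process can open the device node. As an added illustration (not code from this thread or from the nvme driver), the model below evaluates both policies over constructed /proc/<pid>/status samples: option 1 requires CAP_SYS_RAWIO in the effective set on top of the node's DAC permissions, option 2 lets a hypothetical root-only sysfs attribute (`unprivileged_attr` here, a placeholder name) fall back to DAC alone. The capability numbers (CAP_DAC_OVERRIDE = 1, CAP_SYS_RAWIO = 17) are the values from linux/capability.h; the behaviour when the attribute is off is assumed to be the capability check.

```python
import stat

CAP_DAC_OVERRIDE = 1   # capability numbers from linux/capability.h
CAP_SYS_RAWIO = 17

# Constructed /proc/<pid>/status excerpts: root, an ordinary user, and an
# ordinary user that was granted only CAP_SYS_RAWIO (bit 17 -> 0x20000).
STATUS_ROOT = "Name:\tnvme-tool\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
STATUS_PLAIN = "Name:\tnvme-tool\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"
STATUS_RAWIO = "Name:\tnvme-tool\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000020000\n"


def parse_status(text):
    """Return (effective uid, CapEff as int) from /proc/<pid>/status text."""
    euid = cap_eff = None
    for line in text.splitlines():
        key, _, rest = line.partition(":")
        fields = rest.split()
        if key == "Uid":
            euid = int(fields[1])        # real, effective, saved, fs
        elif key == "CapEff":
            cap_eff = int(fields[0], 16)  # effective capability bitmask
    if euid is None or cap_eff is None:
        raise ValueError("incomplete status text")
    return euid, cap_eff


def has_cap(cap_eff, cap):
    """True if capability number `cap` is present in the effective set."""
    return (cap_eff >> cap) & 1 == 1


def dac_allows_write(mode, node_uid, node_gid, euid, groups, cap_eff):
    """Discretionary write check on a device node, as chmod/chown would set it.
    `groups` is assumed to hold every gid the process has, primary included."""
    if has_cap(cap_eff, CAP_DAC_OVERRIDE):
        return True
    if euid == node_uid:
        return bool(mode & stat.S_IWUSR)
    if node_gid in groups:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def passthrough_allowed(status_text, mode, node_uid, node_gid, groups=(),
                        policy="cap", unprivileged_attr=False):
    """Decide whether a passthrough ioctl would be permitted under one of the
    two proposed policies. policy="cap" is option 1 (CAP_SYS_RAWIO required);
    policy="sysfs" is option 2 (attribute set -> DAC only; attribute clear is
    assumed to keep the capability requirement)."""
    euid, cap_eff = parse_status(status_text)
    # Without write permission on the node, open() fails before any ioctl
    # reaches the driver, regardless of capabilities.
    if not dac_allows_write(mode, node_uid, node_gid, euid, groups, cap_eff):
        return False
    if policy == "cap":
        return has_cap(cap_eff, CAP_SYS_RAWIO)
    if policy == "sysfs":
        return unprivileged_attr or has_cap(cap_eff, CAP_SYS_RAWIO)
    raise ValueError(f"unknown policy {policy!r}")


if __name__ == "__main__":
    # Node owned by root:disk (uid 0, gid 6), world-writable as in the case discussed.
    for name, status in (("root", STATUS_ROOT), ("plain", STATUS_PLAIN), ("rawio", STATUS_RAWIO)):
        print(name, "option1:", passthrough_allowed(status, 0o666, 0, 6),
              "option2(on):", passthrough_allowed(status, 0o666, 0, 6, policy="sysfs", unprivileged_attr=True))
```

The point the model makes explicit: under option 1 a chmod 666 on the node is no longer sufficient on its own, while under option 2 it is exactly the root-toggled attribute that decides whether the node's mode bits are the whole story.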