https://bugzilla.novell.com/show_bug.cgi?id=550021
https://bugzilla.novell.com/show_bug.cgi?id=550021#c55
Jan Engelhardt
The comment in linux/capability.h led to CAP_SYS_ADMIN as a prerequisite for being able to send any SCSI command. Do I need CAP_SYS_RAWIO in addition?
I have skimmed the source code (linux-kernel/drivers/scsi/sg.c), and it would seem that CAP_SYS_RAWIO is sufficient in many spots where it is used:

    13:43 ares07:../drivers/scsi > grep SYS_RAWIO *.c
    hpsa.c: if (!capable(CAP_SYS_RAWIO))
    hpsa.c: if (!capable(CAP_SYS_RAWIO))
    scsi_debug.c: if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
    scsi_ioctl.c: if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
    scsi_ioctl.c: if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
    sg.c: if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
    sg.c: if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
    sg.c: if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
    sg.c: if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
    st.c: !capable(CAP_SYS_RAWIO))

Of course, one could also grep for SYS_ADMIN and get some locations where RAWIO is not tested for - but such invocations lie outside sg.c and usually involve things like sysfs/sysctl tunables, so should not be too relevant.
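Added example, not part of the original comment and not kernel code: a small C program that reads a process's effective capability mask and evaluates the two check patterns visible in the grep output. The function names are hypothetical, the sample status text in the test is constructed, and the code assumes each `if (!capable(...))` branch rejects the caller, which the grep output itself does not show.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { CAP_SYS_RAWIO = 17, CAP_SYS_ADMIN = 21 }; /* bit numbers from linux/capability.h */

/* Read the CapEff mask from /proc/<pid>/status text; 0 on success, -1 if absent. */
int parse_capeff(const char *status, uint64_t *mask)
{
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            const char *v = p + 7;
            while (*v == ' ' || *v == '\t') v++;
            if (!isxdigit((unsigned char)*v)) return -1;
            *mask = strtoull(v, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');       /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

static int has_cap(uint64_t mask, int cap) { return (int)((mask >> cap) & 1); }

/* "!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO)", assumed to reject: needs both bits. */
int passes_both_check(uint64_t mask)
{
    return !(!has_cap(mask, CAP_SYS_ADMIN) || !has_cap(mask, CAP_SYS_RAWIO));
}

/* "!capable(CAP_SYS_RAWIO)" alone (the hpsa.c lines), same assumption. */
int passes_rawio_check(uint64_t mask) { return has_cap(mask, CAP_SYS_RAWIO); }

int main(void)
{
    char buf[8192];
    uint64_t mask;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 1;
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    if (parse_capeff(buf, &mask) != 0) return 1;
    printf("CapEff=%016llx rawio-only=%d admin+rawio=%d\n", (unsigned long long)mask,
           passes_rawio_check(mask), passes_both_check(mask));
    return 0;
}
```

Run it as the user or service that opens the sg device to see which of the two patterns its current capability set would satisfy.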