Thinking some more about this, a simpler approach could be to implement a whitelist of paths that are accepted. I could imagine something like: - block devices directly in /dev - anything below /dev/disk Virtual block devices like from LVM or dmcrypt should not be needed here, since they shouldn't deliver SMART data anyways.