Re: [PATCH] scsi: allow persistent reservations without CAP_SYS_RAWIO

From: Paolo Bonzini
Date: Tue Jun 12 2012 - 14:39:20 EST


On 12/06/2012 20:02, James Bottomley wrote:
>> Thanks for taking the time to explain---I knew about this, but I thought
>> it could (perhaps should) be disabled on the SAN. Anybody could already
>> use reservation by transport ID if they had root access on the local
>> machine, no?
> No ... it's required for multipath to work correctly and multipath is a
> usual enterprise feature.
>
> The only way around this is either to trust your users or not to give
> out root ... and most data centres choose the latter. It causes real
> pain from NPIV and SR-IOV ...

I can imagine... my impression was that it would only affect whatever
LUNs the zoning allowed access to (NPIV is pretty much required to use
persistent reservations on guests, or guests will all share the same WWN).

Would it be acceptable to restrict access to PR OUT with ALL_TG_PT set,
and allow it freely without the flag?

Paolo
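
Added example, not part of the original message or of the patch under discussion: a sketch of the check the proposal above would need, showing that ALL_TG_PT sits in byte 20 of the PR OUT parameter list (the data-out buffer), so a filter that only sees the CDB cannot decide it. The function name, the verdict enum and the handling of REGISTER AND MOVE are assumptions of this example; the sample buffers are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PERSISTENT_RESERVE_OUT 0x5f  /* SPC opcode */
#define PR_OUT_SA_MASK         0x1f  /* service action: CDB byte 1, bits 4..0 */
#define PR_OUT_REGISTER_MOVE   0x07  /* uses a different parameter list layout */
#define PR_OUT_FLAGS_BYTE      20    /* flags byte of the basic parameter list */
#define PR_OUT_ALL_TG_PT       0x04  /* bit 2 of the flags byte */

enum pr_verdict { PR_ALLOW, PR_NEEDS_PRIV, PR_REJECT };

/* Hypothetical policy hook (name and verdicts are assumptions of this example). */
enum pr_verdict pr_out_check(const uint8_t *cdb, size_t cdb_len,
                             const uint8_t *param, size_t param_len)
{
    if (cdb_len < 10 || cdb[0] != PERSISTENT_RESERVE_OUT)
        return PR_REJECT;               /* not a 10-byte PR OUT CDB */

    /* Assumption: REGISTER AND MOVE stays privileged, since byte 20 of its
     * parameter list is not a flags byte and cannot be tested the same way. */
    if ((cdb[1] & PR_OUT_SA_MASK) == PR_OUT_REGISTER_MOVE)
        return PR_NEEDS_PRIV;

    /* ALL_TG_PT is in the data-out buffer, not the CDB: without the
     * buffer the decision cannot be made, so fail closed. */
    if (param == NULL || param_len <= PR_OUT_FLAGS_BYTE)
        return PR_REJECT;

    return (param[PR_OUT_FLAGS_BYTE] & PR_OUT_ALL_TG_PT) ? PR_NEEDS_PRIV
                                                         : PR_ALLOW;
}

int main(void)
{
    /* Constructed sample: REGISTER (service action 0) with ALL_TG_PT set. */
    uint8_t cdb[10] = { PERSISTENT_RESERVE_OUT, 0x00 };
    uint8_t param[24] = { 0 };
    param[PR_OUT_FLAGS_BYTE] = PR_OUT_ALL_TG_PT;
    printf("verdict=%d\n", pr_out_check(cdb, sizeof cdb, param, sizeof param));
    return 0;
}
```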