The last problem in the SG_IO whitelist is that because the bitmap of allowed commands is designed for MMC devices only, some commands are missing even though they are generally useful and not insecure. At least, they are not more insecure than anything else you can do if you have access to /dev/sdX or /dev/stX nodes.
In particular, the whitelist is hardly usable for tapes; and in the case of virtualization, the few missing commands for disks may cause guests to log errors.

Paolo

Paolo Bonzini (7):
  sg_io: complete transition to per-class lists of allowed commands
  sg_io: create separate entries for conflicting commands
  sg_io: cleanup and complete whitelist for rare device types
  sg_io: whitelist another command for multimedia devices
  sg_io: cleanup and complete whitelist for media changers
  sg_io: cleanup and complete whitelist for tapes
  sg_io: cleanup and complete whitelist for disks

 block/scsi_ioctl.c  | 309 ++++++++++++++++++++++++++++++++++------------------
 include/scsi/scsi.h |   3 +
 2 files changed, 206 insertions(+), 106 deletions(-)

--
1.8.1.4

