On Tue, 2016-10-04 at 12:08 -0400, Peter Jones wrote: > On Tue, Oct 04, 2016 at 11:03:05AM -0500, Dan Williams wrote: > > > > All the iSCSI boot entries are read-only anyway; it's unclear why > > the > > CAP_SYS_ADMIN restriction is in place since this information isn't > > particularly sensitive and cannot be changed. Userspace > > applications > > may want to read this without requiring CAP_SYS_ADMIN for their > > entire process just for iBFT info. > > > > Signed-off-by: Dan Williams <[email protected]> > > Uh, because there are login credentials to the target in there.
Fair enough. So can we just check CAP_SYS_ADMIN for the login credentials, and not check it for all the IP details and such? Dan > > > > --- > > drivers/scsi/iscsi_boot_sysfs.c | 3 --- > > 1 file changed, 3 deletions(-) > > > > diff --git a/drivers/scsi/iscsi_boot_sysfs.c > > b/drivers/scsi/iscsi_boot_sysfs.c > > index d453667..4e9c324 100644 > > --- a/drivers/scsi/iscsi_boot_sysfs.c > > +++ b/drivers/scsi/iscsi_boot_sysfs.c > > @@ -47,9 +47,6 @@ static ssize_t iscsi_boot_show_attribute(struct > > kobject *kobj, > > ssize_t ret = -EIO; > > char *str = buf; > > > > - if (!capable(CAP_SYS_ADMIN)) > > - return -EACCES; > > - > > if (boot_kobj->show) > > ret = boot_kobj->show(boot_kobj->data, boot_attr- > > >type, str); > > return ret; > > -- > > 2.7.4 > -- You received this message because you are subscribed to the Google Groups "open-iscsi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/open-iscsi. For more options, visit https://groups.google.com/d/optout.
