Re: [PATCH] iscsi_ibft,iscsi_boot: remove CAP_SYS_ADMIN restriction for reading entries

2016-10-10 Thread Chris Leech
On Wed, Oct 05, 2016 at 11:00:57PM +0200, Christian Seiler wrote: > On 10/05/2016 08:28 PM, Dan Williams wrote: > > This is more about root processes dropping unnecessary privileges after > > starting. But at least for the network stuff, there doesn't seem to be > > a good reason to restrict

Antw: Re: [PATCH] iscsi_ibft,iscsi_boot: remove CAP_SYS_ADMIN restriction for reading entries

2016-10-06 Thread Ulrich Windl
>>> Konrad Rzeszutek Wilk schrieb am 05.10.2016 um 01:23 in Nachricht : > On Oct 4, 2016 12:11 PM, "Dan Williams" wrote: >> >> On Tue, 2016-10-04 at 12:08 -0400, Peter Jones wrote: >> > On

Re: [PATCH] iscsi_ibft,iscsi_boot: remove CAP_SYS_ADMIN restriction for reading entries

2016-10-05 Thread Christian Seiler
On 10/05/2016 08:28 PM, Dan Williams wrote: > On Tue, 2016-10-04 at 19:23 -0400, Konrad Rzeszutek Wilk wrote: >> On Oct 4, 2016 12:11 PM, "Dan Williams" wrote: >>> >>> >>> On Tue, 2016-10-04 at 12:08 -0400, Peter Jones wrote: On Tue, Oct 04, 2016 at 11:03:05AM -0500,

Re: [PATCH] iscsi_ibft,iscsi_boot: remove CAP_SYS_ADMIN restriction for reading entries

2016-10-05 Thread Dan Williams
On Tue, 2016-10-04 at 19:23 -0400, Konrad Rzeszutek Wilk wrote: > On Oct 4, 2016 12:11 PM, "Dan Williams" wrote: > > > > > > On Tue, 2016-10-04 at 12:08 -0400, Peter Jones wrote: > > > > > > On Tue, Oct 04, 2016 at 11:03:05AM -0500, Dan Williams wrote: > > > > > > > > > > >

Re: [PATCH] iscsi_ibft,iscsi_boot: remove CAP_SYS_ADMIN restriction for reading entries

2016-10-05 Thread Konrad Rzeszutek Wilk
On Oct 4, 2016 12:11 PM, "Dan Williams" wrote: > > On Tue, 2016-10-04 at 12:08 -0400, Peter Jones wrote: > > On Tue, Oct 04, 2016 at 11:03:05AM -0500, Dan Williams wrote: > > > > > > All the iSCSI boot entries are read-only anyway; it's unclear why > > > the > > > CAP_SYS_ADMIN

Antw: Re: [PATCH] iscsi_ibft,iscsi_boot: remove CAP_SYS_ADMIN restriction for reading entries

2016-10-05 Thread Ulrich Windl
>>> Dan Williams schrieb am 04.10.2016 um 18:11 in Nachricht <1475597465.21760.3.ca...@redhat.com>: > On Tue, 2016-10-04 at 12:08 -0400, Peter Jones wrote: >> On Tue, Oct 04, 2016 at 11:03:05AM -0500, Dan Williams wrote: >> > >> > All the iSCSI boot entries are read-only anyway;

Re: [PATCH] iscsi_ibft,iscsi_boot: remove CAP_SYS_ADMIN restriction for reading entries

2016-10-04 Thread Peter Jones
On Tue, Oct 04, 2016 at 11:03:05AM -0500, Dan Williams wrote: > All the iSCSI boot entries are read-only anyway; it's unclear why the > CAP_SYS_ADMIN restriction is in place since this information isn't > particularly sensitive and cannot be changed. Userspace applications > may want to read this