Re: [patch] My AMD IDE driver, v2.7

Jeff Garzik (jgarzik@mandrakesoft.com)
Fri, 15 Mar 2002 06:05:21 -0500


Pavel Machek wrote:

>Hi
>
>>Under more restricted domains, root cannot bit-bang the interface.
>> s/CAP_SYS_RAWIO/CAP_DEVICE_CMD/ for the raw cmd ioctl interface. Have
>>
>
>Nobody uses capabilities these days, right?
>

Actually, the NSA and HP secure linux products do, at the very least.
And there is some ELF capabilities project out there IIRC, but I dunno
if anybody's using it.

>>The filter is useful for other reasons like correctness, as well.
>>
>
>If you want to test if it works, you just disallow that access altogether.
>It is usually not needed , anyway.
>

The filter, or directly sending drive commands to userspace?

I agree the filter is of limited usefulness.

Sending drive commands directly from userspace is definitely -very-
useful. As we start doing more and more stuff in userspace, I predict
this facility will be used more and more. Plus, IBM particularly
already has their Drive Fitness Tests, or whatever, sending direct drive
commands. With the proper sequencing, you can even do power management
of the drives in userspace. You don't want to do system suspend/resume
that way, but you can certainly have a userspace policy daemon running,
that powers-down and powers-up the drives, etc.

Jeff

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/