On Fri, 2018-11-16 at 12:43 -0500, Theodore Y. Ts'o wrote: > I'd argue that a purpose-built eBPF access control facility is > superior to the security_file_ioctl() LSM hook because it can make > available to the authorization function access to the cached results > of the SCSI INQUIRY command, and it avoids needing to duplicate > knowledge of how to parse the parameters of the SG_IO ioctl in the LSM > module as well as in the SCSI stack.
If an eBPF program would decide which SG_IO commands will be executed and which ones not, does that mean that a SCSI parser would have to be implemented in eBPF? If so, does that mean that both the eBPF and the LSM approach share the disadvantage of requiring to do SCSI CDB parsing outside the SCSI core? Bart.
