>>If LVM is special there, wouldn't it make more sense to check for LVM
>>directly rather than dropping this capability?

Yes, I think it's specific to LVM.

(Note that I was not talking about dropping the capability for qemu, I was talking about dropping the capability for the test of device (in qemuserver.pm, scsi_inquiry()))

----- Original message -----
From: "Wolfgang Bumiller" <w.bumil...@proxmox.com>
To: "dietmar" <diet...@proxmox.com>
Cc: "aderumier" <aderum...@odiso.com>, "pve-devel" <pve-devel@pve.proxmox.com>
Sent: Thursday 25 February 2016 08:47:43
Subject: Re: [pve-devel] virtual scsi disk passed with scsi-block with lvm host storage (wrong)

On Thu, Feb 25, 2016 at 07:48:41AM +0100, Dietmar Maurer wrote:
> I just found package liblinux-prctl-perl, which can do
>
> Linux::Prctl::capbset_drop(CAP_SYS_RAWIO);
>
> That way we could do it inside perl before the SCSI INQUIRY syscall.
> Would that solve the problem?
>
> But we would need to fork before calling capbset_drop ...

If LVM is special there, wouldn't it make more sense to check for LVM
directly rather than dropping this capability?

While apparently most devices only need read-access for the SG_IO ioctl,
capabilities(7) states that you need CAP_SYS_RAWIO for "various scsi
commands" and "a range of device-specific operations on other devices":

capabilities(7):
CAP_SYS_RAWIO
* Perform I/O port operations (iopl(2) and ioperm(2));
(...)
* perform various SCSI device commands;
(...)
* perform a range of device-specific operations on other devices.

> > On February 25, 2016 at 6:54 AM Dietmar Maurer <diet...@proxmox.com> wrote:
> >
> >
> > > #capsh --drop=cap_sys_rawio -- -c 'sg_inq /dev/pve/vm-115-disk-2'
> > > Both SCSI INQUIRY and fetching ATA information failed on
> > > /dev/pve/vm-115-disk-2
> >
> > Why --drop=cap_sys_rawio ? Does kvm drop this when starting?

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
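
Added example, not part of the original thread and not Proxmox code: a C program showing the fork-then-drop pattern discussed above, where only the forked child removes CAP_SYS_RAWIO from its bounding set and the parent keeps it. The function names (rawio_effective, rawio_bounding, probe_in_child) are hypothetical; the device probe itself is left as a comment.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if CAP_SYS_RAWIO is in this thread's effective set, 0 if not, -1 on error. */
static int rawio_effective(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    return (data[0].effective >> CAP_SYS_RAWIO) & 1;
}

/* 1 if CAP_SYS_RAWIO is in the bounding set, 0 if not, -1 on error. */
static int rawio_bounding(void)
{
    return prctl(PR_CAPBSET_READ, CAP_SYS_RAWIO, 0, 0, 0);
}

/* Fork and drop CAP_SYS_RAWIO from the child's bounding set only.
 * Returns the child's exit code: 0 = dropped, 1 = drop refused (needs
 * CAP_SETPCAP), 2 = unexpected state; -1 if fork/wait failed. */
int probe_in_child(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int eff_before = rawio_effective();
        if (prctl(PR_CAPBSET_DROP, CAP_SYS_RAWIO, 0, 0, 0) != 0)
            _exit(1);
        /* The bounding set limits what a later execve() can grant; the drop
         * alone leaves this process's effective set as it was. */
        if (rawio_bounding() != 0 || rawio_effective() != eff_before)
            _exit(2);
        /* Assumption: the probe helper (e.g. sg_inq) would be exec'd here. */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("child=%d parent_bounding=%d\n", probe_in_child(), rawio_bounding());
    return 0;
}
```

Because the bounding set applies at execve(), an in-process ioctl issued after the drop still runs with whatever effective capabilities the process already had, which is why the capsh test quoted above behaves differently from a drop without exec.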