Re: [RFC] PCI: allow sysfs file owner to read the config space with CAP_SYS_RAWIO

From: Greg KH
Date: Mon Oct 19 2020 - 09:15:32 EST


On Mon, Oct 19, 2020 at 06:30:16PM +0530, Allen wrote:
> > >
> > > Access to pci config space is explictly checked with CAP_SYS_ADMIN
> > > in order to read configuration space past the frist 64B.
> > >
> > > Since the path is only for reading, could we use CAP_SYS_RAWIO?
> >
> > Why? What needs this reduced capability?
>
> Thanks for the review.
>
> We need read access to /sys/bus/pci/devices/, We need write access to config,
> remove, rescan & enable files under the device directory for each PCIe
> functions & the downstream PCIe port.
>
> We need r/w access to sysfs to unbind and rebind the root complex.

That didn't answer my question at all.

Why can't you have the process that wants to do all of the above, have
admin rights as well? Doing all of that is _very_ low-level and can
cause all sorts of horrible things to happen to your machine, and is not
really "raw io" in the traditional sense at all, right?

greg k-h