Re: [PATCH] virtio: nsm: require CAP_SYS_ADMIN for raw messages

Next message: Bjoern Doebel: "Re: [PATCH 5.15.y] ring-buffer: Remove ring_buffer_read_prepare_sync()"
Previous message: Julian Braha: "Re: [PATCH v14 4/5] gpio: rpmsg: add generic rpmsg GPIO driver"
In reply to: Yousef Alhouseen: "[PATCH] virtio: nsm: require CAP_SYS_ADMIN for raw messages"
Next in thread: Yousef Alhouseen: "Re: [PATCH] virtio: nsm: require CAP_SYS_ADMIN for raw messages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Graf (AWS), Alexander

Date: Thu Jun 25 2026 - 18:19:23 EST

On 24.06.26 19:36, Yousef Alhouseen wrote:
> NSM_IOCTL_RAW is documented as CAP_SYS_ADMIN-only.
>
> /dev/nsm is mode 0666, but the ioctl handler did not check that capability.
>
> Reject unprivileged raw messages before sending them to the device.
>
> Signed-off-by: Yousef Alhouseen <alhouseenyousef@xxxxxxxxx>

This looks like a direct duplicate of
https://lore.kernel.org/lkml/20260621085743.76329-1-khoavna.tin.2225@xxxxxxxxx/?

Alex

Amazon Web Services Development Center Germany GmbH
Tamara-Danz-Str. 13
10243 Berlin
Geschaeftsfuehrung: Christof Hellmis, Andreas Stieger
Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B
Sitz: Berlin
Ust-ID: DE 365 538 597