Re: [PATCH] virtio: nsm: require CAP_SYS_ADMIN for raw messages

Next message: Micha&#x142; C&#x142;api&#x144;ski: "Re: [PATCH] ipmi:si: Add async init to ipmi_si"
Previous message: Yousef Alhouseen: "[PATCH v2 2/2] xen/gntalloc: validate grant count before allocation"
In reply to: Graf (AWS), Alexander: "Re: [PATCH] virtio: nsm: require CAP_SYS_ADMIN for raw messages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Yousef Alhouseen

Date: Fri Jun 26 2026 - 18:39:09 EST

Thanks for catching that. You are right; this duplicates the earlier patch.

Please drop this one. Sorry for the noise.

Yousef

On Thu, 25 Jun 2026 22:19:06 +0000, "Graf (AWS), Alexander"
<graf@xxxxxxxxx> wrote:
> On 24.06.26 19:36, Yousef Alhouseen wrote:
> > NSM_IOCTL_RAW is documented as CAP_SYS_ADMIN-only.
> >
> > /dev/nsm is mode 0666, but the ioctl handler did not check that capability.
> >
> > Reject unprivileged raw messages before sending them to the device.
> >
> > Signed-off-by: Yousef Alhouseen <alhouseenyousef@xxxxxxxxx>
>
> This looks like a direct duplicate of
> https://lore.kernel.org/lkml/20260621085743.76329-1-khoavna.tin.2225@xxxxxxxxx/?
>
> Alex
>
> Amazon Web Services Development Center Germany GmbH
> Tamara-Danz-Str. 13
> 10243 Berlin
> Geschaeftsfuehrung: Christof Hellmis, Andreas Stieger
> Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B
> Sitz: Berlin
> Ust-ID: DE 365 538 597