[pve-devel] virtual scsi disk passed with scsi-block with lvm host storage (wrong)

Alexandre DERUMIER aderumier at odiso.com
Thu Feb 25 10:36:42 CET 2016


>>If LVM is special there, wouldn't it make more sense to check for LVM
>>directly rather than dropping this capability?

Yes, I think it's specific to LVM.

(Note that I was not talking about dropping the capability for qemu; I was talking about dropping the capability for the test of the device (in qemuserver.pm, scsi_inquiry()).)
----- Original Message -----
From: "Wolfgang Bumiller" <w.bumiller at proxmox.com>
To: "dietmar" <dietmar at proxmox.com>
Cc: "aderumier" <aderumier at odiso.com>, "pve-devel" <pve-devel at pve.proxmox.com>
Sent: Thursday 25 February 2016 08:47:43
Subject: Re: [pve-devel] virtual scsi disk passed with scsi-block with lvm host storage (wrong)

On Thu, Feb 25, 2016 at 07:48:41AM +0100, Dietmar Maurer wrote: 
> I just found package liblinux-prctl-perl, which can do 
> 
> Linux::Prctl::capbset_drop(CAP_SYS_RAWIO); 
> 
> That way we could do it inside perl before the SCSI INQUIRY syscall. 
> Would that solve the problem? 
> 
> But we would need to fork before calling capbset_drop ... 

If LVM is special there, wouldn't it make more sense to check for LVM 
directly rather than dropping this capability? While apparently most 
devices only need read-access for the SG_IO ioctl, capabilities(7) 
states that you need CAP_SYS_RAWIO for "various scsi commands" and "a 
range of device-specific operations on other devices": 

capabilities(7): 
CAP_SYS_RAWIO 
* Perform I/O port operations (iopl(2) and ioperm(2)); 
(...) 
* perform various SCSI device commands; 
(...) 
* perform a range of device-specific operations on other devices. 

> > On February 25, 2016 at 6:54 AM Dietmar Maurer <dietmar at proxmox.com> wrote: 
> > 
> > 
> > > #capsh --drop=cap_sys_rawio -- -c 'sg_inq /dev/pve/vm-115-disk-2' 
> > > Both SCSI INQUIRY and fetching ATA information failed on 
> > > /dev/pve/vm-115-disk-2 
> > 
> > Why --drop=cap_sys_rawio ? Does kvm drop this when starting? 


