Currently NVME (and probably other drivers) require CAP_SYS_ADMIN to send all commands to the device. This means that software running in userspace needs the stronger CAP_SYS_ADMIN permission when realistically a more limited subset of functionality is actually needed.
To allow software that performs firmware upgrades to run without CAP_SYS_ADMIN, create a new capability CAP_FIRMWARE_UPGRADE that software can run with. For the RFC, only include NVME. Other drivers can be added if suggested.

Mario Limonciello (2):
  capability: Introduce CAP_FIRMWARE_UPGRADE
  nvme: Use CAP_FIRMWARE_UPGRADE to check user commands

 drivers/nvme/host/core.c            | 28 ++++++++++++++++++++++++----
 include/linux/capability.h          |  5 +++++
 include/uapi/linux/capability.h     |  7 ++++++-
 security/selinux/include/classmap.h |  4 ++--
 4 files changed, 37 insertions(+), 7 deletions(-)

-- 
2.25.1
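As an added illustration of the problem the cover letter describes (this is example code, not part of the RFC series or of any kernel or userspace project): a small C helper that reads the effective capability mask of a process from its /proc/<pid>/status text and reports whether CAP_SYS_ADMIN is set. Today a firmware-update tool that issues NVMe admin commands must show up with this bit in CapEff; the RFC's goal is that such a tool could instead hold a narrower capability. The input is a constructed status excerpt embedded in the block; the value 21 for CAP_SYS_ADMIN is the one defined in include/uapi/linux/capability.h, and the process name "fwupd" in the sample is just a placeholder.

```c
/*
 * Added example: inspect the effective capability set of a process from
 * the text of /proc/<pid>/status. Not part of the RFC series.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability numbers from include/uapi/linux/capability.h. */
#define CAP_CHOWN      0
#define CAP_SYS_ADMIN 21

/*
 * Find "field" (e.g. "CapEff:") in the status text and parse the
 * 64-bit hex mask that follows it. Returns 0 on success, -1 if the
 * field is missing or not followed by a hex number.
 */
int parse_cap_field(const char *status, const char *field, uint64_t *mask)
{
    const char *p = strstr(status, field);
    if (!p)
        return -1;
    p += strlen(field);
    while (*p == ' ' || *p == '\t')
        p++;
    char *end;
    unsigned long long v = strtoull(p, &end, 16);
    if (end == p)
        return -1;
    *mask = (uint64_t)v;
    return 0;
}

/* Test a single capability bit in a mask. */
int cap_in_mask(uint64_t mask, int cap)
{
    return (int)((mask >> cap) & 1u);
}

/*
 * Convenience wrapper: 1 if the process's effective set contains cap,
 * 0 if it does not, -1 if the CapEff field could not be parsed.
 */
int effective_has_cap(const char *status, int cap)
{
    uint64_t eff;
    if (parse_cap_field(status, "CapEff:", &eff) != 0)
        return -1;
    return cap_in_mask(eff, cap);
}

/*
 * Constructed sample, shaped like /proc/<pid>/status. 0x200000 is
 * 1 << 21, i.e. exactly CAP_SYS_ADMIN and nothing else.
 */
static const char sample_status[] =
    "Name:\tfwupd\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000200000\n"
    "CapEff:\t0000000000200000\n"
    "CapBnd:\t000001ffffffffff\n"
    "CapAmb:\t0000000000000000\n";

int main(void)
{
    int r = effective_has_cap(sample_status, CAP_SYS_ADMIN);
    if (r < 0) {
        fprintf(stderr, "could not parse CapEff\n");
        return 1;
    }
    printf("CAP_SYS_ADMIN in effective set: %s\n", r ? "yes" : "no");
    return 0;
}
```

To check a real process, read /proc/<pid>/status into a buffer and pass it to effective_has_cap(); the bit position used here is the kernel's existing CAP_SYS_ADMIN, so the check reflects what an NVMe firmware-update tool currently needs, not the proposed capability.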