In kernel 2.6.8 and later, SCSI generic commands are verified for safety. This may be a reasonable measure in some respects, but it makes effective non-root CD/DVD burning rather difficult. For best performance cdrecord, growisofs and friends may often need to send SCSI commands to drives that the kernel may neither know about nor understand. And (to add to the pain) these commands are very often vendor- or device-specific, so simply allowing those commands in the kernel will defeat the point of the verification in the first place. As I understand it, a common philosophy in the kernel for a long time has been to _not_ decide policy in the kernel, yet the verification stuff seems to be a little OTT, what with the allowed commands being hard-coded with no interfaces to modify the options short of editing and recompiling the kernel. I have written a preliminary patch that allows root to add overrides at run-time on a per-device basis through sysfs. I've tested this successfully here on a small selection of CD/DVD writers; it allows me to selectively re-enable various SCSI commands that should be used on my hardware. I'm hoping that this could be used as the core of a simple script to configure device permissions on a Linux system as needed. I'm not _overly_ attached to the exact implementation I've written - it's more a proof-of-concept than anything else at this stage, and I'm now happy it can work. I'd like some advice on where to go next with this to try and get such a feature into the kernel - the main kernel list, the SCSI list, the debian kernel list? Of course, comments on the code/design of what I've done would be more than welcome. Patch (against 2.6.13) attached for interest... -- Steve McIntyre, Cambridge, UK. steve@einval.com "The problem with defending the purity of the English language is that English is about as pure as a cribhouse whore. We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll
Attachment:
cmds.diff.gz
Description: Binary data
Attachment:
signature.asc
Description: Digital signature