No- it's hard to say how that could be implemented. It might
be a vendor unique command (e.g., for a stacker). And you may
not be able to have the device open for writing... The only
thing you might want to do is to check for obvious system
intereference commands, e.g. COPY or RESERVE (with 3rd party
reservation), and disallow those.

Is there a big problem, in this case, with depending upon
permisions of the /dev entry?

On Thu, 16 Jul 1998, Jason Thorpe wrote:

> On Thu, 16 Jul 1998 16:41:08 -0400 
>  "Perry E. Metzger" <perry@piermont.com> wrote:
> 
>  > Should the raw scsi commands not be conditionalized on being in a low
>  > enough secure level, for obvious reasons?
> 
> no, the restriction should be "have device open for writing, unless command
> doens't change the device's state".
> 
> Jason R. Thorpe                                       thorpej@nas.nasa.gov
> NASA Ames Research Center                            Home: +1 408 866 1912
> NAS: M/S 258-5                                       Work: +1 650 604 0935
> Moffett Field, CA 94035                             Pager: +1 650 940 5942
>