Looking for users of userfaultfd(2) syscall in Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

Kernel 5.12 added support to SELinux for controlling access to the
userfaultfd interface [1][2] and we'd like to implement this in
Fedora's selinux-policy. However, once we add the corresponding class
to the policy, all SELinux domains for which we don't add the
appropriate rules will have any usage of userfaultfd(2) denied.

Therefore, we would like to identify as many users of this syscall as
possible before we make that change, so that we can add and test all
the needed rules in one go, minimizing the amount of denials found
after the fact. My understanding is that userfaultfd(2) doesn't have
many users among system services, so it should be possible to catch
most/all of them in advance.

So if you know that your (or any other) Fedora component uses
userfaultfd(2), please let us know. AFAIK, at least QEMU most likely
uses it, so we'll have that one on our radar, but we'd like to know if
there are any other programs/services we need to cover.

Thanks!

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=29cd6591ab6fee3125ea5c1bf350f5013bc615e1
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b537900f1598b67bcb8acac20da73c6e26ebbf99
--
Ondrej Mosnacek
Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux