Re: [PATCH] lsm,io_uring: add LSM hooks to for the new uring_cmd file op

On Fri, Jul 15, 2022 at 02:46:16PM -0400, Paul Moore wrote:
> On Thu, Jul 14, 2022 at 9:00 PM Luis Chamberlain <mcgrof@xxxxxxxxxx> wrote:
> > On Wed, Jul 13, 2022 at 11:00:42PM -0400, Paul Moore wrote:
> > > On Wed, Jul 13, 2022 at 8:05 PM Luis Chamberlain <mcgrof@xxxxxxxxxx> wrote:
> > > >
> > > > io-uring cmd support was added through ee692a21e9bf ("fs,io_uring:
> > > > add infrastructure for uring-cmd"), this extended the struct
> > > > file_operations to allow a new command which each subsystem can use
> > > > to enable command passthrough. Add an LSM specific for the command
> > > > passthrough which enables LSMs to inspect the command details.
> > > >
> > > > This was discussed long ago without any clear pointer for something
> > > > conclusive, so this enables LSMs to at least reject this new file
> > > > operation.
> > > >
> > > > [0] https://lkml.kernel.org/r/8adf55db-7bab-f59d-d612-ed906b948d19@xxxxxxxxxxxxxxxx
> > >
> > > [NOTE: I now see that the IORING_OP_URING_CMD has made it into the
> > > v5.19-rcX releases, I'm going to be honest and say that I'm
> > > disappointed you didn't post the related LSM additions
> >
> > It does not mean I didn't ask for them too.
> >
> > > until
> > > v5.19-rc6, especially given our earlier discussions.]
> >
> > And hence since I don't see it either, it's on us now.
>
> It looks like I owe you an apology, Luis.  While my frustration over
> io_uring remains, along with my disappointment that the io_uring
> developers continue to avoid discussing access controls with the LSM
> community, you are not the author of the IORING_OP_URING_CMD.   You

I am to be shot down here. Solely.
My LSM understanding has been awful. At a level that I am not clear
how to fix if someone says - your code lacks LSM consideration.
But nothing to justify, I fully understand this is not someone else's
problem but mine. I intend to get better at it.
And I owe an apology (to you/LSM-folks, Luis, Jens) for the mess.




