On Wed, Aug 10, 2022 at 3:26 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>
> On 8/10/2022 11:52 AM, Luis Chamberlain wrote:
> > On Wed, Aug 10, 2022 at 02:39:54PM -0400, Paul Moore wrote:
> >> On Wed, Aug 10, 2022 at 2:14 PM Luis Chamberlain <mcgrof@xxxxxxxxxx> wrote:
> >>> On Fri, Jul 15, 2022 at 01:28:35PM -0600, Jens Axboe wrote:
> >>>> On 7/15/22 1:16 PM, Luis Chamberlain wrote:
> >>>>> io-uring cmd support was added through ee692a21e9bf ("fs,io_uring:
> >>>>> add infrastructure for uring-cmd"), this extended the struct
> >>>>> file_operations to allow a new command which each subsystem can use
> >>>>> to enable command passthrough. Add an LSM specific for the command
> >>>>> passthrough which enables LSMs to inspect the command details.
> >>>>>
> >>>>> This was discussed long ago without no clear pointer for something
> >>>>> conclusive, so this enables LSMs to at least reject this new file
> >>>>> operation.
> >>>> From an io_uring perspective, this looks fine to me. It may be easier if
> >>>> I take this through my tree due to the moving of the files, or the
> >>>> security side can do it but it'd have to then wait for merge window (and
> >>>> post io_uring branch merge) to do so. Just let me know. If done outside
> >>>> of my tree, feel free to add:
> >>>>
> >>>> Acked-by: Jens Axboe <axboe@xxxxxxxxx>
> >>> Paul, Casey, Jens,
> >>>
> >>> should this be picked up now that we're one week into the merge window?
> >> Your timing is spot on! I wrapped up a SELinux/SCTP issue by posting
> >> the patches yesterday and started on the io_uring/CMD patches this
> >> morning :)
> >>
> >> Give me a few days to get this finished, tested, etc. and I'll post a
> >> patchset with your main patch, the Smack patch from Casey, the SELinux
> >> patch, and the /dev/null patch so we can all give it a quick sanity
> >> check before I merge it into the LSM/stable branch and send it to
> >> Linus. Does that sound okay?
>
> It's taking a while to get a satisfactory test going for Smack,
> but I should have something in a few days.

Thanks Casey. When I get a test working for SELinux I'll be sure to
send it your way just in case.

--
paul-moore.com