Re: [RFC PATCH 7/9] lsm,io_uring: add LSM hooks to io_uring

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Paul,

>  #define CREATE_TRACE_POINTS
>  #include <trace/events/io_uring.h>
> @@ -6537,6 +6538,11 @@ static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req,
>  		if (!req->work.creds)
>  			return -EINVAL;
>  		get_cred(req->work.creds);
> +		ret = security_uring_override_creds(req->work.creds);
> +		if (ret) {
> +			put_cred(req->work.creds);
> +			return ret;
> +		}

Why are you calling this per requests, shouldn't this be done in
io_register_personality()?

I'm also not sure if this really gains anything as io_register_personality()
only captures the value of get_current_cred(), so the process already has changed to
the credentials (at least once for the io_uring_register(IORING_REGISTER_PERSONALITY)
call).

metze
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux