This patchset includes three patches: one to add a new LSM hook for
the IORING_OP_URING_CMD operation, one to add the SELinux
implementation for the new hook, and one to enable
IORING_OP_URING_CMD for /dev/null. The last patch, the /dev/null
support, is obviously not critical but it makes testing so much
easier and I believe is in keeping with the general motivation behind
/dev/null.
Luis' patch has already been vetted by Jens and the io_uring folks,
so the only new bits are the SELinux implementation and the trivial
/dev/null implementation of IORING_OP_URING_CMD. Assuming no one
has any objections over the next few days, I'll plan on sending this
up to Linus during the v6.0-rcX cycle.
I believe Casey is also currently working on Smack support for the
IORING_OP_URING_CMD hook, and as soon as he is ready I can add it
to this patchset (or Casey can send it up himself).
-Paul
---
Luis Chamberlain (1):
lsm,io_uring: add LSM hooks for the new uring_cmd file op
Paul Moore (2):
/dev/null: add IORING_OP_URING_CMD support
selinux: implement the security_uring_cmd() LSM hook
drivers/char/mem.c | 6 ++++++
include/linux/lsm_hook_defs.h | 1 +
include/linux/lsm_hooks.h | 3 +++
include/linux/security.h | 5 +++++
io_uring/uring_cmd.c | 5 +++++
security/security.c | 4 ++++
security/selinux/hooks.c | 24 ++++++++++++++++++++++++
security/selinux/include/classmap.h | 2 +-
8 files changed, 49 insertions(+), 1 deletion(-)
