On Mon, Aug 22, 2022 at 5:21 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
> This patchset includes three patches: one to add a new LSM hook for
> the IORING_OP_URING_CMD operation, one to add the SELinux
> implementation for the new hook, and one to enable
> IORING_OP_URING_CMD for /dev/null. The last patch, the /dev/null
> support, is obviously not critical but it makes testing so much
> easier and I believe is in keeping with the general motivation behind
> /dev/null.
>
> Luis' patch has already been vetted by Jens and the io_uring folks,
> so the only new bits are the SELinux implementation and the trivial
> /dev/null implementation of IORING_OP_URING_CMD. Assuming no one
> has any objections over the next few days, I'll plan on sending this
> up to Linus during the v6.0-rcX cycle.
>
> I believe Casey is also currently working on Smack support for the
> IORING_OP_URING_CMD hook, and as soon as he is ready I can add it
> to this patchset (or Casey can send it up himself).
>
> -Paul
>
> ---
>
> Luis Chamberlain (1):
>       lsm,io_uring: add LSM hooks for the new uring_cmd file op
>
> Paul Moore (2):
>       selinux: implement the security_uring_cmd() LSM hook
>       /dev/null: add IORING_OP_URING_CMD support
>
>
>  drivers/char/mem.c                  |  6 ++++++
>  include/linux/lsm_hook_defs.h       |  1 +
>  include/linux/lsm_hooks.h           |  3 +++
>  include/linux/security.h            |  5 +++++
>  io_uring/uring_cmd.c                |  5 +++++
>  security/security.c                 |  4 ++++
>  security/selinux/hooks.c            | 24 ++++++++++++++++++++++++
>  security/selinux/include/classmap.h |  2 +-
>  8 files changed, 49 insertions(+), 1 deletion(-)

FYI, I just merged this into lsm/stable-6.0 and once the automated
testing completes and we sort out the Smack patch I'll send this up to
Linus.

--
paul-moore.com