On Thu, Dec 19, 2024 at 4:34 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > On 12/19/2024 12:41 PM, Hamza Mahfooz wrote: > > It is desirable to allow LSM to configure accessibility to io_uring. > > Why is it desirable to allow LSM to configure accessibility to io_uring? Look at some of the existing access controls that some LSMs, including Smack, have implemented to control access to certain parts of io_uring such as credential sharing. While having a control point at the top of io_uring_setup() is a fairly coarse way to restrict io_uring, the advantage is that it is very simple. -- paul-moore.com
