Re: [PATCH] lsm,io_uring: add LSM hooks for io_uring_setup()

From: Paul Moore
Date: Sat Jan 04 2025 - 21:12:48 EST

Next message: syzbot: "Re: [syzbot] [dri?] divide error in drm_mode_convert_to_umode"
Previous message: Andrew Morton: "[GIT PULL] hotfixes for 6.13-rc6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Dec 19, 2024 at 4:34 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 12/19/2024 12:41 PM, Hamza Mahfooz wrote:
> > It is desirable to allow LSM to configure accessibility to io_uring.
>
> Why is it desirable to allow LSM to configure accessibility to io_uring?

Look at some of the existing access controls that some LSMs, including
Smack, have implemented to control access to certain parts of io_uring
such as credential sharing. While having a control point at the top
of io_uring_setup() is a fairly coarse way to restrict io_uring, the
advantage is that it is very simple.

--
paul-moore.com

Next message: syzbot: "Re: [syzbot] [dri?] divide error in drm_mode_convert_to_umode"
Previous message: Andrew Morton: "[GIT PULL] hotfixes for 6.13-rc6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]