[RFC PATCH 7/9] lsm,io_uring: add LSM hooks to io_uring
Stefan Metzmacher
metze at samba.org
Wed May 26 14:48:23 UTC 2021
Hi Paul,
> #define CREATE_TRACE_POINTS
> #include <trace/events/io_uring.h>
> @@ -6537,6 +6538,11 @@ static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req,
> if (!req->work.creds)
> return -EINVAL;
> get_cred(req->work.creds);
> + ret = security_uring_override_creds(req->work.creds);
> + if (ret) {
> + put_cred(req->work.creds);
> + return ret;
> + }
Why are you calling this per requests, shouldn't this be done in
io_register_personality()?
I'm also not sure if this really gains anything as io_register_personality()
only captures the value of get_current_cred(), so the process already has changed to
the credentials (at least once for the io_uring_register(IORING_REGISTER_PERSONALITY)
call).
metze
More information about the Linux-security-module-archive
mailing list