[PATCH] lsm,io_uring: add LSM hooks to for the new uring_cmd file op
Luis Chamberlain
mcgrof at kernel.org
Fri Jul 15 19:02:37 UTC 2022
On Fri, Jul 15, 2022 at 02:46:16PM -0400, Paul Moore wrote:
> It looks like I owe you an apology, Luis. While my frustration over
> io_uring remains, along with my disappointment that the io_uring
> developers continue to avoid discussing access controls with the LSM
> community, you are not the author of the IORING_OP_URING_CMD. You
> are simply trying to do the right thing by adding the necessary LSM
> controls and in my confusion I likely caused you a bit of frustration;
> I'm sorry for that.
No frustration caused, I get it.
> Well, we're at -rc6 right now which means IORING_OP_URING_CMD is
> happening and it's unlikely the LSM folks are going to be able to
> influence the design/implementation much at this point so we have to
> do the best we can. Given the existing constraints, I think your
> patch is reasonable (although please do shift the hook call site down
> a bit as discussed above), we just need to develop the LSM
> implementations to go along with it.
>
> Luis, can you respin and resend the patch with the requested changes?
Sure thing.
> I also think we should mark the patches with a 'Fixes:' line that
> points at the IORING_OP_URING_CMD commit, ee692a21e9bf ("fs,io_uring:
> add infrastructure for uring-cmd").
I'll do that.
Luis
More information about the Linux-security-module-archive
mailing list