[PATCH 1/2] iouring: one capable call per iouring instance

Jens Axboe axboe at kernel.dk
Mon Dec 4 19:01:38 UTC 2023


On 12/4/23 11:40 AM, Jeff Moyer wrote:
> Finally, as Jens mentioned, I would expect dropping privileges to, you
> know, drop privileges.  I don't think a commit message is going to be
> enough documentation for a change like this.

Only thing I can think of here is to cache the state in
task->io_uring->something, and then ensure those are invalidated
whenever caps change. It's one of those cases where that's probably only
done once, but we do need to be able to catch it. Not convinced that
caching it at ring creation is sane enough, even if it is kind of like
opening devices before privs are dropped where you could not otherwise
re-open them later on.

-- 
Jens Axboe



