[PATCH] io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL
Jens Axboe
axboe at kernel.dk
Tue Jan 23 22:35:05 UTC 2024
On Tue, 23 Jan 2024 16:55:02 -0500, Paul Moore wrote:
> We need to correct some aspects of the IORING_OP_FIXED_FD_INSTALL
> command to take into account the security implications of making an
> io_uring-private file descriptor generally accessible to a userspace
> task.
>
> The first change in this patch is to enable auditing of the FD_INSTALL
> operation as installing a file descriptor into a task's file descriptor
> table is a security relevant operation and something that admins/users
> may want to audit.
>
> [...]
Applied, thanks!
[1/1] io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL
commit: 16bae3e1377846734ec6b87eee459c0f3551692c
Best regards,
--
Jens Axboe
More information about the Linux-security-module-archive
mailing list