[PATCH] lsm,io_uring: add LSM hooks for io_uring_setup()

Paul Moore paul at paul-moore.com
Sun Jan 5 02:12:26 UTC 2025


On Thu, Dec 19, 2024 at 4:34 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> On 12/19/2024 12:41 PM, Hamza Mahfooz wrote:
> > It is desirable to allow LSM to configure accessibility to io_uring.
>
> Why is it desirable to allow LSM to configure accessibility to io_uring?

Look at some of the existing access controls that some LSMs, including
Smack, have implemented to control access to certain parts of io_uring
such as credential sharing.  While having a control point at the top
of io_uring_setup() is a fairly coarse way to restrict io_uring, the
advantage is that it is very simple.

--
paul-moore.com



More information about the Linux-security-module-archive mailing list