[PATCH] lsm,io_uring: add LSM hooks for io_uring_setup()
Paul Moore
paul at paul-moore.com
Sun Jan 5 02:12:26 UTC 2025
On Thu, Dec 19, 2024 at 4:34 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> On 12/19/2024 12:41 PM, Hamza Mahfooz wrote:
> > It is desirable to allow LSM to configure accessibility to io_uring.
>
> Why is it desirable to allow LSM to configure accessibility to io_uring?
Look at some of the existing access controls that some LSMs, including
Smack, have implemented to control access to certain parts of io_uring
such as credential sharing. While having a control point at the top
of io_uring_setup() is a fairly coarse way to restrict io_uring, the
advantage is that it is very simple.
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list