Re: [RFC PATCH 4/9] audit: add filtering for io_uring records

[RFC PATCH 0/9] Add LSM access controls and auditing to io_uring · Paul Moore <paul@paul-moore.com> · 2021-05-21
[RFC PATCH 1/9] audit: prepare audit_context for use in calling contexts beyond syscalls · Paul Moore <paul@paul-moore.com> · 2021-05-21
[RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Paul Moore <paul@paul-moore.com> · 2021-05-21
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Pavel Begunkov <asml.silence@gmail.com> · 2021-05-22
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Paul Moore <paul@paul-moore.com> · 2021-05-22
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Pavel Begunkov <asml.silence@gmail.com> · 2021-05-23
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Paul Moore <paul@paul-moore.com> · 2021-05-24
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Pavel Begunkov <asml.silence@gmail.com> · 2021-05-25
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Paul Moore <paul@paul-moore.com> · 2021-05-25
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Jens Axboe <axboe@kernel.dk> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Paul Moore <paul@paul-moore.com> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Pavel Begunkov <asml.silence@gmail.com> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Paul Moore <paul@paul-moore.com> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Steve Grubb <hidden> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Stefan Metzmacher <metze@samba.org> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Victor Stewart <hidden> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Casey Schaufler <casey@schaufler-ca.com> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Richard Guy Briggs <hidden> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Jens Axboe <axboe@kernel.dk> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Richard Guy Briggs <hidden> · 2021-05-27
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Jens Axboe <axboe@kernel.dk> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Jens Axboe <axboe@kernel.dk> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Jens Axboe <axboe@kernel.dk> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Jens Axboe <axboe@kernel.dk> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Paul Moore <paul@paul-moore.com> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Pavel Begunkov <asml.silence@gmail.com> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Paul Moore <paul@paul-moore.com> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Jens Axboe <axboe@kernel.dk> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Paul Moore <paul@paul-moore.com> · 2021-05-26
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Paul Moore <paul@paul-moore.com> · 2021-05-28
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Pavel Begunkov <asml.silence@gmail.com> · 2021-06-02
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Richard Guy Briggs <hidden> · 2021-06-02
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Pavel Begunkov <asml.silence@gmail.com> · 2021-06-03
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Paul Moore <paul@paul-moore.com> · 2021-06-02
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Pavel Begunkov <asml.silence@gmail.com> · 2021-06-03
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Casey Schaufler <casey@schaufler-ca.com> · 2021-06-03
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Jens Axboe <axboe@kernel.dk> · 2021-06-03
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Paul Moore <paul@paul-moore.com> · 2021-06-04
Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring · Paul Moore <paul@paul-moore.com> · 2021-05-26
Re: [RFC PATCH 2/9] audit, io_uring, io-wq: add some basic audit support to io_uring · Richard Guy Briggs <hidden> · 2021-06-02
Re: [RFC PATCH 2/9] audit, io_uring, io-wq: add some basic audit support to io_uring · Paul Moore <paul@paul-moore.com> · 2021-06-02
Re: [RFC PATCH 2/9] audit, io_uring, io-wq: add some basic audit support to io_uring · Richard Guy Briggs <hidden> · 2021-08-25
Re: [RFC PATCH 2/9] audit, io_uring, io-wq: add some basic audit support to io_uring · Paul Moore <paul@paul-moore.com> · 2021-08-25
[RFC PATCH 3/9] audit: dev/test patch to force io_uring auditing · Paul Moore <paul@paul-moore.com> · 2021-05-21
[RFC PATCH 4/9] audit: add filtering for io_uring records · Paul Moore <paul@paul-moore.com> · 2021-05-21
Re: [RFC PATCH 4/9] audit: add filtering for io_uring records · Richard Guy Briggs <hidden> · 2021-05-28
Re: [RFC PATCH 4/9] audit: add filtering for io_uring records · Paul Moore <paul@paul-moore.com> · 2021-05-30
Re: [RFC PATCH 4/9] audit: add filtering for io_uring records · Richard Guy Briggs <hidden> · 2021-05-31
Re: [RFC PATCH 4/9] audit: add filtering for io_uring records · Paul Moore <paul@paul-moore.com> · 2021-06-02
Re: [RFC PATCH 4/9] audit: add filtering for io_uring records · Richard Guy Briggs <hidden> · 2021-06-02
Re: [RFC PATCH 4/9] audit: add filtering for io_uring records · Paul Moore <paul@paul-moore.com> · 2021-06-02
[PATCH 1/2] audit: add filtering for io_uring records, addendum · Richard Guy Briggs <hidden> · 2021-05-31
Re: [PATCH 1/2] audit: add filtering for io_uring records, addendum · kernel test robot <hidden> · 2021-05-31
Re: [PATCH 1/2] audit: add filtering for io_uring records, addendum · kernel test robot <hidden> · 2021-05-31
Re: [PATCH 1/2] audit: add filtering for io_uring records, addendum · Paul Moore <paul@paul-moore.com> · 2021-06-07
Re: [PATCH 1/2] audit: add filtering for io_uring records, addendum · Richard Guy Briggs <hidden> · 2021-06-08
Re: [PATCH 1/2] audit: add filtering for io_uring records, addendum · Paul Moore <paul@paul-moore.com> · 2021-06-09
[PATCH 2/2] audit: block PERM fields being used with io_uring filtering · Richard Guy Briggs <hidden> · 2021-05-31
[RFC PATCH 5/9] fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure() · Paul Moore <paul@paul-moore.com> · 2021-05-21
[RFC PATCH 6/9] io_uring: convert io_uring to the secure anon inode interface · Paul Moore <paul@paul-moore.com> · 2021-05-21
[RFC PATCH 7/9] lsm,io_uring: add LSM hooks to io_uring · Paul Moore <paul@paul-moore.com> · 2021-05-21
Re: [RFC PATCH 7/9] lsm,io_uring: add LSM hooks to io_uring · Stefan Metzmacher <metze@samba.org> · 2021-05-26
Re: [RFC PATCH 7/9] lsm,io_uring: add LSM hooks to io_uring · Paul Moore <paul@paul-moore.com> · 2021-05-26
[RFC PATCH 8/9] selinux: add support for the io_uring access controls · Paul Moore <paul@paul-moore.com> · 2021-05-21
[RFC PATCH 9/9] Smack: Brutalist io_uring support with debug · Paul Moore <paul@paul-moore.com> · 2021-05-21
Re: [RFC PATCH 0/9] Add LSM access controls and auditing to io_uring · Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> · 2021-05-22
Re: [RFC PATCH 0/9] Add LSM access controls and auditing to io_uring · Paul Moore <paul@paul-moore.com> · 2021-05-22

From: Paul Moore <paul@paul-moore.com>
Date: 2021-06-02 17:21:23
Also in: linux-fsdevel, linux-security-module, selinux

On Wed, Jun 2, 2021 at 11:38 AM Richard Guy Briggs [off-list ref] wrote:

On 2021-06-01 21:40, Paul Moore wrote:

quoted

On Mon, May 31, 2021 at 9:44 AM Richard Guy Briggs [off-list ref] wrote:

quoted

On 2021-05-30 11:26, Paul Moore wrote:

quoted

On Fri, May 28, 2021 at 6:36 PM Richard Guy Briggs [off-list ref] wrote:

quoted

On 2021-05-21 17:50, Paul Moore wrote:
If we abuse the syscall infrastructure at first, we'd need a transition
plan to coordinate user and kernel switchover to seperate mechanisms for
the two to work together if the need should arise to have both syscall
and uring filters in the same rule.

See my comments above, I don't currently see why we would ever want
syscall and io_uring filtering to happen in the same rule.  Please
speak up if you can think of a reason why this would either be needed,
or desirable for some reason.

I think they can be seperate rules for now.  Either a syscall rule
catching all io_uring ops can be added, or an io_uring rule can be added
to catch specific ops.  The scenario I was thinking of was catching
syscalls of specific io_uring ops.

Perhaps I'm misunderstand you, but that scenario really shouldn't
exist.  The io_uring ops function independently of syscalls; you can
*submit* io_uring ops via io_uring_enter(), but they are not
guaranteed to be dispatched synchronously (obviously), and given the
cred shenanigans that can happen with io_uring there is no guarantee
the filters would even be applicable.

That wasn't my understanding.  There are a number of io_uring calls
starting with at least open that are currently synchronous (but may
become async in future) that we may want to single out which would be a
specific io_uring syscall with a specific io_uring opcode.  I guess
that particular situation would be caught by the io_uring opcode
triggering an event that includes SYSCALL and URINGOP records.

The only io_uring syscalls are io_uring_setup(2), io_uring_enter(2),
etc., the stuff that is dispatched in io_issue_sqe() are the io_uring
ops/opcodes/whatever.  They *look* like syscalls but they are not and
we have to treat them differently.

quoted

It isn't an issue of "can" the filters be separate, they *have* to be separate.

-- 
paul moore
www.paul-moore.com

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help