Thread: 25 messages, 5 authors, 2022-07-18

Re: [PATCH] lsm,io_uring: add LSM hooks to for the new uring_cmd file op

From: Kanchan Joshi <hidden>
Date: 2022-07-16 03:26:19
Also in: io-uring, linux-block, linux-nvme

On Fri, Jul 15, 2022 at 02:46:16PM -0400, Paul Moore wrote:
> On Thu, Jul 14, 2022 at 9:00 PM Luis Chamberlain [off-list ref] wrote:
>> On Wed, Jul 13, 2022 at 11:00:42PM -0400, Paul Moore wrote:
>>> On Wed, Jul 13, 2022 at 8:05 PM Luis Chamberlain [off-list ref] wrote:
>>>> io-uring cmd support was added through ee692a21e9bf ("fs,io_uring:
>>>> add infrastructure for uring-cmd"), this extended the struct
>>>> file_operations to allow a new command which each subsystem can use
>>>> to enable command passthrough. Add an LSM specific for the command
>>>> passthrough which enables LSMs to inspect the command details.
>>>>
>>>> This was discussed long ago without no clear pointer for something
>>>> conclusive, so this enables LSMs to at least reject this new file
>>>> operation.
>>>>
>>>> [0] https://lkml.kernel.org/r/8adf55db-7bab-f59d-d612-ed906b948d19@schaufler-ca.com
>>>
>>> [NOTE: I now see that the IORING_OP_URING_CMD has made it into the
>>> v5.19-rcX releases, I'm going to be honest and say that I'm
>>> disappointed you didn't post the related LSM additions
>>
>> It does not mean I didn't ask for them too.
>>
>>> until v5.19-rc6, especially given our earlier discussions.]
>>
>> And hence since I don't see it either, it's on us now.
>
> It looks like I owe you an apology, Luis.  While my frustration over
> io_uring remains, along with my disappointment that the io_uring
> developers continue to avoid discussing access controls with the LSM
> community, you are not the author of the IORING_OP_URING_CMD.   You

I am to be shot down here. Solely.
My LSM understanding has been awful. At a level that I am not clear
how to fix if someone says - your code lacks LSM consideration.
But nothing to justify, I fully understand this is not someone else's
problem but mine. I intend to get better at it.
And I owe an apology (to you/LSM-folks, Luis, Jens) for the mess.
