Thread (16 messages) 16 messages, 6 authors, 2022-08-10

Re: [PATCH v2] lsm,io_uring: add LSM hooks for the new uring_cmd file op

From: Casey Schaufler <casey@schaufler-ca.com>
Date: 2022-08-10 19:26:30
Also in: io-uring, linux-block, linux-nvme 

On 8/10/2022 11:52 AM, Luis Chamberlain wrote:
On Wed, Aug 10, 2022 at 02:39:54PM -0400, Paul Moore wrote:
quoted
On Wed, Aug 10, 2022 at 2:14 PM Luis Chamberlain [off-list ref] wrote:
quoted
On Fri, Jul 15, 2022 at 01:28:35PM -0600, Jens Axboe wrote:
quoted
On 7/15/22 1:16 PM, Luis Chamberlain wrote:
quoted
io-uring cmd support was added through ee692a21e9bf ("fs,io_uring:
add infrastructure for uring-cmd"), this extended the struct
file_operations to allow a new command which each subsystem can use
to enable command passthrough. Add an LSM specific for the command
passthrough which enables LSMs to inspect the command details.

This was discussed long ago without no clear pointer for something
conclusive, so this enables LSMs to at least reject this new file
operation.
From an io_uring perspective, this looks fine to me. It may be easier if
I take this through my tree due to the moving of the files, or the
security side can do it but it'd have to then wait for merge window (and
post io_uring branch merge) to do so. Just let me know. If done outside
of my tree, feel free to add:

Acked-by: Jens Axboe <axboe@kernel.dk>
Paul, Casey, Jens,

should this be picked up now that we're one week into the merge window?
Your timing is spot on!  I wrapped up a SELinux/SCTP issue by posting
the patches yesterday and started on the io_uring/CMD patches this
morning :)

Give me a few days to get this finished, tested, etc. and I'll post a
patchset with your main patch, the Smack patch from Casey, the SELinux
patch, and the /dev/null patch so we can all give it a quick sanity
check before I merge it into the LSM/stable branch and send it to
Linus.  Does that sound okay?
It's taking a while to get a satisfactory test going for Smack,
but I should have something in a few days.

Works with me! But just note I'll be away on vacation starting tomorrow
in the woods looking for Bigfoot with my dog,
Bigfoot was sighted lounging on Chuckanut Rock a couple weeks ago.

 so I won't be around. And
I suspect Linus plans to release 6.0 on Sunday, if the phb-crystall-ball [0]
is still as accurate.

[0] http://deb.tandrin.de/phb-crystal-ball.htm

  Luis
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help