Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup

[PATCH v1 0/2] Add LSM access controls for io_uring_setup · Gil Cukierman <hidden> · 2022-11-07
[PATCH v1 1/2] lsm,io_uring: add LSM hook for io_uring_setup · Gil Cukierman <hidden> · 2022-11-07
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Paul Moore <paul@paul-moore.com> · 2022-11-07
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Jeffrey Vander Stoep <hidden> · 2022-11-10
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Paul Moore <paul@paul-moore.com> · 2022-11-10
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Joel Granados <hidden> · 2022-11-14
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Jeffrey Vander Stoep <hidden> · 2022-11-15
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Dmytro Maluka <hidden> · 2023-08-08
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Paul Moore <paul@paul-moore.com> · 2023-08-09
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Dmytro Maluka <hidden> · 2023-08-09
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Paul Moore <paul@paul-moore.com> · 2023-08-09
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Dmytro Maluka <hidden> · 2023-08-09
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Dmytro Maluka <hidden> · 2023-08-10
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Stephen Smalley <stephen.smalley.work@gmail.com> · 2023-08-10

From: Dmytro Maluka <hidden>
Date: 2023-08-10 09:09:16
Also in: io-uring, lkml, selinux

On 8/9/23 19:28, Dmytro Maluka wrote:

  So one of the questions I'm wondering about is: if Android implemented
  preventing execution of any io_uring code by non-trusted processes
  (via seccomp or any other way), how much would it help to reduce the
  risk of attacks, compared to its current SELinux based solution?

And why exactly I'm wondering about that: AFAICT, Android folks are
concerned about the high likelihood of vulnerabilities in io_uring code
just like we (ChromeOS folks) are, and that is the main reason why
Android takes care of restricting io_uring usage in the first place.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help