Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup

[PATCH v1 0/2] Add LSM access controls for io_uring_setup · Gil Cukierman <hidden> · 2022-11-07
[PATCH v1 1/2] lsm,io_uring: add LSM hook for io_uring_setup · Gil Cukierman <hidden> · 2022-11-07
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Paul Moore <paul@paul-moore.com> · 2022-11-07
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Jeffrey Vander Stoep <hidden> · 2022-11-10
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Paul Moore <paul@paul-moore.com> · 2022-11-10
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Joel Granados <hidden> · 2022-11-14
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Jeffrey Vander Stoep <hidden> · 2022-11-15
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Dmytro Maluka <hidden> · 2023-08-08
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Paul Moore <paul@paul-moore.com> · 2023-08-09
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Dmytro Maluka <hidden> · 2023-08-09
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Paul Moore <paul@paul-moore.com> · 2023-08-09
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Dmytro Maluka <hidden> · 2023-08-09
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Dmytro Maluka <hidden> · 2023-08-10
Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup · Stephen Smalley <stephen.smalley.work@gmail.com> · 2023-08-10

From: Stephen Smalley <stephen.smalley.work@gmail.com>
Date: 2023-08-10 12:28:11
Also in: io-uring, lkml, selinux

On Thu, Aug 10, 2023 at 5:08 AM Dmytro Maluka [off-list ref] wrote:

On 8/9/23 19:28, Dmytro Maluka wrote:

quoted

  So one of the questions I'm wondering about is: if Android implemented
  preventing execution of any io_uring code by non-trusted processes
  (via seccomp or any other way), how much would it help to reduce the
  risk of attacks, compared to its current SELinux based solution?

And why exactly I'm wondering about that: AFAICT, Android folks are
concerned about the high likelihood of vulnerabilities in io_uring code
just like we (ChromeOS folks) are, and that is the main reason why
Android takes care of restricting io_uring usage in the first place.

I think if you audit the io_uring syscalls and find a code path that
is not already mediated by a LSM hook (potentially at an earlier point
during setup / fd creation) that accesses any shared resource or
performs a privileged action, we would be open to adding a LSM hook to
cover that code path. But you'd have to do the work to identify and
propose such cases.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help