Re: [PATCH] lsm,io_uring: add LSM hooks for io_uring_setup()
From: Paul Moore <paul@paul-moore.com>
Date: 2025-01-05 02:12:38
Also in:
io-uring, lkml, selinux
On Thu, Dec 19, 2024 at 4:34 PM Casey Schaufler [off-list ref] wrote:
> On 12/19/2024 12:41 PM, Hamza Mahfooz wrote:
> > It is desirable to allow LSM to configure accessibility to io_uring.
>
> Why is it desirable to allow LSM to configure accessibility to io_uring?

Look at some of the existing access controls that some LSMs, including Smack, have implemented to control access to certain parts of io_uring such as credential sharing. While having a control point at the top of io_uring_setup() is a fairly coarse way to restrict io_uring, the advantage is that it is very simple.

--
paul-moore.com