Thread: 13 messages, 4 authors, 2025-02-07

Re: [PATCH v3 2/2] lsm,io_uring: add LSM hooks for io_uring_setup()

From: Paul Moore <paul@paul-moore.com>
Date: 2025-01-27 21:23:16
Also in: io-uring, lkml, selinux

On Mon, Jan 27, 2025 at 12:18 PM Casey Schaufler [off-list ref] wrote:
> On 1/27/2025 7:57 AM, Hamza Mahfooz wrote:
> > It is desirable to allow LSM to configure accessibility to io_uring
> > because it is a coarse yet very simple way to restrict access to it. So,
> > add an LSM for io_uring_allowed() to guard access to io_uring.
>
> I don't like this at all at all. It looks like you're putting in a hook
> so that io_uring can easily deflect any responsibility for safely
> interacting with LSMs.

That's not how this works Casey, unless you're seeing something different?

This is an additional access control point for io_uring, largely to
simplify what a LSM would need to do to help control a process' access
to io_uring, it does not replace any of the io_uring LSM hooks or
access control points.

-- 
paul-moore.com