From: Joel Granados <[email protected]>
To: <[email protected]>, <[email protected]>, <[email protected]>,
<[email protected]>
Cc: <[email protected]>, <[email protected]>,
<[email protected]>, <[email protected]>,
Joel Granados <[email protected]>
Subject: [RFC v2 0/1] RFC on how to include LSM hooks for io_uring commands
Date: Tue, 22 Nov 2022 11:31:43 +0100 [thread overview]
Message-ID: <[email protected]> (raw)
In-Reply-To: CGME20221122103536eucas1p2a0bc5ebdf063715f063e5b6254d0b058@eucas1p2.samsung.com
The motivation for this patch is to continue the discussion around how to
include LSM callback hooks in the io_uring infrastructure. This is the
second version of the RFC and is meant to elicit discussion. I'll leave
general questions and the descriptions of the different approaches.
Comments are greatly appreciated.
Approaches:
V2: I add a callback to the file_operations struct that will set a
security_uring structure with all the elements needed for LSMs to make a
decision. io_uring is still agnostic as it will just pass the callback
along and LSM can just focus on getting the data they need in the uring
security struct. When security is not defined in CONFIG the
security_uring_cmd can just be a noop (or itself be in an ifdef).
V1: I take the nvme io_uring passthrough and try to include it in the
already existing LSM infrastructure that is there for ioctl. This is far
from a general io_uring approach, but it's a start :)
Questions:
1. Besides what is contained in the patch, would there be something
additional to plumb in LSM?
2. Is this general enough to fit all io_uring passthrough commands?
3. I'm trying to separate responsibilities. The LSM folks can take care of
LSM stuff and the io_uring users can take care of their specific domain.
Does this patch fulfill this?
4. Are there other approaches to solve this problem?
Joel Granados (1):
Use a fs callback to set security specific data
 drivers/nvme/host/core.c      | 10 ++++++++++
 include/linux/fs.h            |  2 ++
 include/linux/lsm_hook_defs.h |  3 ++-
 include/linux/security.h      | 16 ++++++++++++++--
 io_uring/uring_cmd.c          |  3 ++-
 security/security.c           |  5 +++--
 security/selinux/hooks.c      | 16 +++++++++++++++-
 7 files changed, 48 insertions(+), 7 deletions(-)
--
2.30.2
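The V2 plumbing described in the cover letter, as an added userspace model that is not the RFC's patch or any kernel code: the driver's file_operations callback fills a security_uring struct, io_uring only forwards the call, and the LSM decides. The callback name uring_cmd_security, the helpers nvme_uring_cmd_security and lsm_uring_cmd, the fields of security_uring and the odd-opcode rule are all assumptions made for the model.

```c
/* Userspace model of the V2 plumbing from the cover letter; not kernel code.
 * Assumed names: uring_cmd_security, nvme_uring_cmd_security, lsm_uring_cmd,
 * the fields of security_uring and the constructed odd-opcode rule. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#define CONFIG_SECURITY 1   /* set to 0 to model a kernel built without LSMs */

/* Filled by the file's owner (the driver), consumed by the LSM. */
struct security_uring {
    unsigned int cmd_op;    /* driver-specific command opcode */
    bool write;             /* does the command change device state? */
};
struct file;
struct file_operations {
    /* Assumed callback: describe cmd_op in LSM terms, return 0 on success. */
    int (*uring_cmd_security)(struct file *f, unsigned int cmd_op,
                              struct security_uring *sec);
};
struct file { const struct file_operations *f_op; };

/* Driver side (models nvme): only the driver knows what its opcodes mean. */
static int nvme_uring_cmd_security(struct file *f, unsigned int cmd_op,
                                   struct security_uring *sec)
{
    (void)f;
    sec->cmd_op = cmd_op;
    sec->write = (cmd_op & 1u) != 0;   /* constructed rule: odd opcodes write */
    return 0;
}
static const struct file_operations nvme_fops = { nvme_uring_cmd_security };
static struct file nvme_file = { &nvme_fops };
static struct file bare_file = { NULL };   /* a file with no fops at all */

/* LSM side (models an SELinux-like policy): deny state-changing commands. */
static int lsm_uring_cmd(const struct security_uring *sec)
{
    return sec->write ? -EACCES : 0;
}

/* The hook io_uring calls; io_uring never interprets the command itself. */
static int security_uring_cmd(struct file *f, unsigned int cmd_op)
{
#if CONFIG_SECURITY
    struct security_uring sec = { 0 };
    int ret;
    if (!f->f_op || !f->f_op->uring_cmd_security)
        return -EACCES;     /* no description available: fail closed */
    ret = f->f_op->uring_cmd_security(f, cmd_op, &sec);
    return ret ? ret : lsm_uring_cmd(&sec);
#else
    (void)f; (void)cmd_op;
    return 0;               /* noop when security is not configured */
#endif
}
```

With CONFIG_SECURITY set to 0 every call returns 0, which is the noop build the letter mentions.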