* IORING_OP_SENDMSG_ZC should enable auditing just like IORING_OP_SENDMSG
@ 2022-10-07 17:34 Paul Moore
2022-10-07 18:22 ` Jens Axboe
0 siblings, 1 reply; 2+ messages in thread
From: Paul Moore @ 2022-10-07 17:34 UTC (permalink / raw)
To: Pavel Begunkov, Jens Axboe; +Cc: io-uring, linux-audit, linux-security-module
Commit 493108d95f14 ("io_uring/net: zerocopy sendmsg") added a new
zerocopy sendmsg command to io_uring, but it enabled the
io_op_def:audit_skip flag, causing the operation to bypass auditing.
As far as I can see, the SENDMSG_ZC operation should be subject to
auditing just as SENDMSG.
--
paul-moore.com
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: IORING_OP_SENDMSG_ZC should enable auditing just like IORING_OP_SENDMSG
2022-10-07 17:34 IORING_OP_SENDMSG_ZC should enable auditing just like IORING_OP_SENDMSG Paul Moore
@ 2022-10-07 18:22 ` Jens Axboe
0 siblings, 0 replies; 2+ messages in thread
From: Jens Axboe @ 2022-10-07 18:22 UTC (permalink / raw)
To: Paul Moore, Pavel Begunkov; +Cc: io-uring, linux-audit, linux-security-module
On 10/7/22 11:34 AM, Paul Moore wrote:
> Commit 493108d95f14 ("io_uring/net: zerocopy sendmsg") added a new
> zerocopy sendmsg command to io_uring, but it enabled the
> io_op_def:audit_skip flag, causing the operation to bypass auditing.
> As far as I can see, the SENDMSG_ZC operation should be subject to
> auditing just as SENDMSG.
As far as I can tell you're right, it's not audited further down.
I'll add a patch getting rid of that audit_skip for SENDMSG_ZC.
--
Jens Axboe
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-10-07 18:22 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-10-07 17:34 IORING_OP_SENDMSG_ZC should enable auditing just like IORING_OP_SENDMSG Paul Moore
2022-10-07 18:22 ` Jens Axboe
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox