From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 591492E847; Mon, 4 Dec 2023 19:37:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Kxw+4Sa5" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 70582C433C7; Mon, 4 Dec 2023 19:37:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1701718662; bh=0B6qI7yaImDylh0YMgRVbhCUJKzhgt+Boa80ygB2x2M=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Kxw+4Sa5aWZsRGjXXiOHaG8CDEWcJlA5x5hnxHIRWPRej0cwRs6208xvHr8NityLR D2YPCyfYf3HvefW47SdvcmD5BSKOg6C/ltGeCDMJvEiK3N0Wdr95QzjjZn2SVQ4yZo XnyB8Girl3wrr+wuOzERc2oVoM9PtUBJcpC6fja9bcXjNXhCCYaQ0t6DAtrWFyVxKv biwGmCx6zcNSHB0JcW3IK3VxmOXYBgjBUTWTAhWbW0PnCSl5PZrtvhp404vXqWSPb4 BEYrnvI+Hi4pZdTD6rr4hBcRTxkjBV5wVNcJp3N3lPSNkC6NJjP5rY2ePXEflOqIJv KdiE3phqDFmSw== Date: Mon, 4 Dec 2023 12:37:38 -0700 From: Keith Busch To: Jeff Moyer Cc: Jens Axboe , Keith Busch , linux-nvme@lists.infradead.org, io-uring@vger.kernel.org, hch@lst.de, sagi@grimberg.me, asml.silence@gmail.com, linux-security-module@vger.kernel.org Subject: Re: [PATCH 1/2] iouring: one capable call per iouring instance Message-ID: References: <20231204175342.3418422-1-kbusch@meta.com> <9c1ee0ee-ccae-4013-83f4-92a2af7bdf42@kernel.dk> Precedence: bulk X-Mailing-List: io-uring@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Mon, Dec 04, 2023 at 02:22:22PM -0500, Jeff Moyer wrote: > Jens Axboe writes: > > > On 12/4/23 11:40 AM, Jeff Moyer wrote: > >> Finally, as Jens mentioned, I would expect dropping priviliges to, you > >> know, drop privileges. I don't think a commit message is going to be > >> enough documentation for a change like this. > > > > Only thing I can think of here is to cache the state in > > task->io_uring->something, and then ensure those are invalidated > > whenever caps change. > > I looked through the capable() code, and there is no way that I could > find to be notified of changes. Something like LSM_HOOK_INIT on 'capset', but needs to work without CONFIG_SECURITY.