Re: [PATCH 03/17] io_uring: add infra and support for IORING_OP_URING_CMD
On Fri, Mar 11, 2022 at 3:57 PM Luis Chamberlain <mcgrof(a)kernel.org> wrote:
On Fri, Mar 11, 2022 at 01:47:51PM -0500, Paul Moore wrote:
...
> Similar to what was discussed above with respect to auditing, I
think
> we need to do some extra work here to make it easier for a LSM to put
> the IO request in the proper context. We have io_uring_cmd::cmd_op
> via the @ioucmd parameter, which is good, but we need to be able to
> associate that with a driver to make sense of it.
It may not always be a driver, it can be built-in stuff.
Good point, but I believe the argument still applies. LSMs are going
to need some way to put the cmd_op token in the proper context so that
security policy can be properly enforced.
--
paul-moore.com