| Message ID | 163172413301.88001.16054830862146685573.stgit@olly (mailing list archive) |
|---|---|
| Headers | show |
| Series | Add LSM access controls and auditing to io_uring | expand |
On Wed, Sep 15, 2021 at 12:49 PM Paul Moore <paul@paul-moore.com> wrote: > > A quick update to the v3 patchset with a small change to the audit > record format (remove the audit login ID on io_uring records) and > a subject line fix on the Smack patch. I also caught a few minor > things in the code comments and fixed those up. All told, nothing > significant but I really dislike merging patches that haven't hit > the list so here ya go ... > > As a reminder, I'm planning to merge these in the selinux/next tree > later this week and it would be *really* nice to get some ACKs from > the io_uring folks; this patchset is implementing the ideas we all > agreed to back in the v1 patchset so there shouldn't be anything > surprising in here. > > For reference the v3 patchset can be found here: > https://lore.kernel.org/linux-security-module/163159032713.470089.11728103630366176255.stgit@olly/T/#t > > Those who would prefer to fetch these patches directly from git can > do so using the tree/branch below: > git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git > (checkout branch "working-io_uring") > > --- > > Casey Schaufler (1): > Smack: Brutalist io_uring support > > Paul Moore (7): > audit: prepare audit_context for use in calling contexts beyond syscalls > audit,io_uring,io-wq: add some basic audit support to io_uring > audit: add filtering for io_uring records > fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure() > io_uring: convert io_uring to the secure anon inode interface > lsm,io_uring: add LSM hooks to io_uring > selinux: add support for the io_uring access controls > > > fs/anon_inodes.c | 29 ++ > fs/io-wq.c | 4 + > fs/io_uring.c | 69 +++- > include/linux/anon_inodes.h | 4 + > include/linux/audit.h | 26 ++ > include/linux/lsm_hook_defs.h | 5 + > include/linux/lsm_hooks.h | 13 + > include/linux/security.h | 16 + > include/uapi/linux/audit.h | 4 +- > kernel/audit.h | 7 +- > kernel/audit_tree.c | 3 +- > kernel/audit_watch.c | 3 +- > kernel/auditfilter.c | 15 +- > kernel/auditsc.c | 469 ++++++++++++++++++++++------ > security/security.c | 12 + > security/selinux/hooks.c | 34 ++ > security/selinux/include/classmap.h | 2 + > security/smack/smack_lsm.c | 46 +++ > 18 files changed, 646 insertions(+), 115 deletions(-) With no serious objections or outstanding comments, I just merged these patches into selinux/next. If anyone has any follow-on patches please base them against selinux/next, thanks.
A quick update to the v3 patchset with a small change to the audit record format (remove the audit login ID on io_uring records) and a subject line fix on the Smack patch. I also caught a few minor things in the code comments and fixed those up. All told, nothing significant but I really dislike merging patches that haven't hit the list so here ya go ... As a reminder, I'm planning to merge these in the selinux/next tree later this week and it would be *really* nice to get some ACKs from the io_uring folks; this patchset is implementing the ideas we all agreed to back in the v1 patchset so there shouldn't be anything surprising in here. For reference the v3 patchset can be found here: https://lore.kernel.org/linux-security-module/163159032713.470089.11728103630366176255.stgit@olly/T/#t Those who would prefer to fetch these patches directly from git can do so using the tree/branch below: git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git (checkout branch "working-io_uring") --- Casey Schaufler (1): Smack: Brutalist io_uring support Paul Moore (7): audit: prepare audit_context for use in calling contexts beyond syscalls audit,io_uring,io-wq: add some basic audit support to io_uring audit: add filtering for io_uring records fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure() io_uring: convert io_uring to the secure anon inode interface lsm,io_uring: add LSM hooks to io_uring selinux: add support for the io_uring access controls fs/anon_inodes.c | 29 ++ fs/io-wq.c | 4 + fs/io_uring.c | 69 +++- include/linux/anon_inodes.h | 4 + include/linux/audit.h | 26 ++ include/linux/lsm_hook_defs.h | 5 + include/linux/lsm_hooks.h | 13 + include/linux/security.h | 16 + include/uapi/linux/audit.h | 4 +- kernel/audit.h | 7 +- kernel/audit_tree.c | 3 +- kernel/audit_watch.c | 3 +- kernel/auditfilter.c | 15 +- kernel/auditsc.c | 469 ++++++++++++++++++++++------ security/security.c | 12 + security/selinux/hooks.c | 34 ++ security/selinux/include/classmap.h | 2 + security/smack/smack_lsm.c | 46 +++ 18 files changed, 646 insertions(+), 115 deletions(-)