Message ID | 163172413301.88001.16054830862146685573.stgit@olly (mailing list archive) |
---|---|
Series | Add LSM access controls and auditing to io_uring |
On Wed, Sep 15, 2021 at 12:49 PM Paul Moore <paul@paul-moore.com> wrote:
>
> A quick update to the v3 patchset with a small change to the audit
> record format (remove the audit login ID on io_uring records) and
> a subject line fix on the Smack patch. I also caught a few minor
> things in the code comments and fixed those up. All told, nothing
> significant but I really dislike merging patches that haven't hit
> the list so here ya go ...
>
> As a reminder, I'm planning to merge these in the selinux/next tree
> later this week and it would be *really* nice to get some ACKs from
> the io_uring folks; this patchset is implementing the ideas we all
> agreed to back in the v1 patchset so there shouldn't be anything
> surprising in here.
>
> For reference the v3 patchset can be found here:
> https://lore.kernel.org/linux-security-module/163159032713.470089.11728103630366176255.stgit@olly/T/#t
>
> Those who would prefer to fetch these patches directly from git can
> do so using the tree/branch below:
> git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
> (checkout branch "working-io_uring")
>
> ---
>
> Casey Schaufler (1):
>   Smack: Brutalist io_uring support
>
> Paul Moore (7):
>   audit: prepare audit_context for use in calling contexts beyond syscalls
>   audit,io_uring,io-wq: add some basic audit support to io_uring
>   audit: add filtering for io_uring records
>   fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure()
>   io_uring: convert io_uring to the secure anon inode interface
>   lsm,io_uring: add LSM hooks to io_uring
>   selinux: add support for the io_uring access controls
>
>
>  fs/anon_inodes.c                    |  29 ++
>  fs/io-wq.c                          |   4 +
>  fs/io_uring.c                       |  69 +++-
>  include/linux/anon_inodes.h         |   4 +
>  include/linux/audit.h               |  26 ++
>  include/linux/lsm_hook_defs.h       |   5 +
>  include/linux/lsm_hooks.h           |  13 +
>  include/linux/security.h            |  16 +
>  include/uapi/linux/audit.h          |   4 +-
>  kernel/audit.h                      |   7 +-
>  kernel/audit_tree.c                 |   3 +-
>  kernel/audit_watch.c                |   3 +-
>  kernel/auditfilter.c                |  15 +-
>  kernel/auditsc.c                    | 469 ++++++++++++++++++++++------
>  security/security.c                 |  12 +
>  security/selinux/hooks.c            |  34 ++
>  security/selinux/include/classmap.h |   2 +
>  security/smack/smack_lsm.c          |  46 +++
>  18 files changed, 646 insertions(+), 115 deletions(-)

With no serious objections or outstanding comments, I just merged
these patches into selinux/next. If anyone has any follow-on patches
please base them against selinux/next, thanks.