mbox series

[v4,0/8] Add LSM access controls and auditing to io_uring

Message ID 163172413301.88001.16054830862146685573.stgit@olly (mailing list archive)
Headers show
Series Add LSM access controls and auditing to io_uring | expand

Message

Paul Moore Sept. 15, 2021, 4:49 p.m. UTC
A quick update to the v3 patchset with a small change to the audit
record format (remove the audit login ID on io_uring records) and
a subject line fix on the Smack patch.  I also caught a few minor
things in the code comments and fixed those up.  All told, nothing
significant but I really dislike merging patches that haven't hit
the list so here ya go ...

As a reminder, I'm planning to merge these in the selinux/next tree
later this week and it would be *really* nice to get some ACKs from
the io_uring folks; this patchset is implementing the ideas we all
agreed to back in the v1 patchset so there shouldn't be anything
surprising in here.

For reference the v3 patchset can be found here:
https://lore.kernel.org/linux-security-module/163159032713.470089.11728103630366176255.stgit@olly/T/#t

Those who would prefer to fetch these patches directly from git can
do so using the tree/branch below:
git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
 (checkout branch "working-io_uring")

---

Casey Schaufler (1):
      Smack: Brutalist io_uring support

Paul Moore (7):
      audit: prepare audit_context for use in calling contexts beyond syscalls
      audit,io_uring,io-wq: add some basic audit support to io_uring
      audit: add filtering for io_uring records
      fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure()
      io_uring: convert io_uring to the secure anon inode interface
      lsm,io_uring: add LSM hooks to io_uring
      selinux: add support for the io_uring access controls


 fs/anon_inodes.c                    |  29 ++
 fs/io-wq.c                          |   4 +
 fs/io_uring.c                       |  69 +++-
 include/linux/anon_inodes.h         |   4 +
 include/linux/audit.h               |  26 ++
 include/linux/lsm_hook_defs.h       |   5 +
 include/linux/lsm_hooks.h           |  13 +
 include/linux/security.h            |  16 +
 include/uapi/linux/audit.h          |   4 +-
 kernel/audit.h                      |   7 +-
 kernel/audit_tree.c                 |   3 +-
 kernel/audit_watch.c                |   3 +-
 kernel/auditfilter.c                |  15 +-
 kernel/auditsc.c                    | 469 ++++++++++++++++++++++------
 security/security.c                 |  12 +
 security/selinux/hooks.c            |  34 ++
 security/selinux/include/classmap.h |   2 +
 security/smack/smack_lsm.c          |  46 +++
 18 files changed, 646 insertions(+), 115 deletions(-)

Comments

Paul Moore Sept. 20, 2021, 2:44 a.m. UTC | #1
On Wed, Sep 15, 2021 at 12:49 PM Paul Moore <paul@paul-moore.com> wrote:
>
> A quick update to the v3 patchset with a small change to the audit
> record format (remove the audit login ID on io_uring records) and
> a subject line fix on the Smack patch.  I also caught a few minor
> things in the code comments and fixed those up.  All told, nothing
> significant but I really dislike merging patches that haven't hit
> the list so here ya go ...
>
> As a reminder, I'm planning to merge these in the selinux/next tree
> later this week and it would be *really* nice to get some ACKs from
> the io_uring folks; this patchset is implementing the ideas we all
> agreed to back in the v1 patchset so there shouldn't be anything
> surprising in here.
>
> For reference the v3 patchset can be found here:
> https://lore.kernel.org/linux-security-module/163159032713.470089.11728103630366176255.stgit@olly/T/#t
>
> Those who would prefer to fetch these patches directly from git can
> do so using the tree/branch below:
> git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
>  (checkout branch "working-io_uring")
>
> ---
>
> Casey Schaufler (1):
>       Smack: Brutalist io_uring support
>
> Paul Moore (7):
>       audit: prepare audit_context for use in calling contexts beyond syscalls
>       audit,io_uring,io-wq: add some basic audit support to io_uring
>       audit: add filtering for io_uring records
>       fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure()
>       io_uring: convert io_uring to the secure anon inode interface
>       lsm,io_uring: add LSM hooks to io_uring
>       selinux: add support for the io_uring access controls
>
>
>  fs/anon_inodes.c                    |  29 ++
>  fs/io-wq.c                          |   4 +
>  fs/io_uring.c                       |  69 +++-
>  include/linux/anon_inodes.h         |   4 +
>  include/linux/audit.h               |  26 ++
>  include/linux/lsm_hook_defs.h       |   5 +
>  include/linux/lsm_hooks.h           |  13 +
>  include/linux/security.h            |  16 +
>  include/uapi/linux/audit.h          |   4 +-
>  kernel/audit.h                      |   7 +-
>  kernel/audit_tree.c                 |   3 +-
>  kernel/audit_watch.c                |   3 +-
>  kernel/auditfilter.c                |  15 +-
>  kernel/auditsc.c                    | 469 ++++++++++++++++++++++------
>  security/security.c                 |  12 +
>  security/selinux/hooks.c            |  34 ++
>  security/selinux/include/classmap.h |   2 +
>  security/smack/smack_lsm.c          |  46 +++
>  18 files changed, 646 insertions(+), 115 deletions(-)

With no serious objections or outstanding comments, I just merged
these patches into selinux/next.  If anyone has any follow-on patches
please base them against selinux/next, thanks.