[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <168971140212.1482414.1220631096211660246.b4-ty@kernel.dk>
Date: Tue, 18 Jul 2023 14:16:42 -0600
From: Jens Axboe <axboe@...nel.dk>
To: Ondrej Mosnacek <omosnace@...hat.com>
Cc: Pavel Begunkov <asml.silence@...il.com>, io-uring@...r.kernel.org,
linux-security-module@...r.kernel.org, selinux@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] io_uring: don't audit the capability check in
io_uring_create()
On Tue, 18 Jul 2023 13:56:07 +0200, Ondrej Mosnacek wrote:
> The check being unconditional may lead to unwanted denials reported by
> LSMs when a process has the capability granted by DAC, but denied by an
> LSM. In the case of SELinux such denials are a problem, since they can't
> be effectively filtered out via the policy and when not silenced, they
> produce noise that may hide a true problem or an attack.
>
> Since not having the capability merely means that the created io_uring
> context will be accounted against the current user's RLIMIT_MEMLOCK
> limit, we can disable auditing of denials for this check by using
> ns_capable_noaudit() instead of capable().
>
> [...]
Applied, thanks!
[1/1] io_uring: don't audit the capability check in io_uring_create()
commit: 6adc2272aaaf84f34b652cf77f770c6fcc4b8336
Best regards,
--
Jens Axboe
Powered by blists - more mailing lists