| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHC9VhRUzr2XpfP5XJpXLxEhYoFvtee8OgEwvib1x7+H7B68Qg@mail.gmail.com>
Date: Wed, 26 Mar 2025 10:50:47 -0400
From: Paul Moore <paul@...l-moore.com>
To: cgzones@...glemail.com
Cc: Stephen Smalley <stephen.smalley.work@...il.com>, Ondrej Mosnacek <omosnace@...hat.com>,
Thiébaud Weksteen <tweek@...gle.com>,
Miklos Szeredi <mszeredi@...hat.com>, Bram Bonné <brambonne@...gle.com>,
"Kipp N. Davis" <kippndavis.work@....com>, Masahiro Yamada <masahiroy@...nel.org>,
Hamza Mahfooz <hamzamahfooz@...ux.microsoft.com>, Jens Axboe <axboe@...nel.dk>,
selinux@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH] selinux: rename io_uring permission to match syscall
On Wed, Mar 26, 2025 at 6:38 AM Christian Göttsche
<cgoettsche@...tendoof.de> wrote:
>
> From: Christian Göttsche <cgzones@...glemail.com>
>
> Commit c6ad9fdbd44b ("io_uring,lsm,selinux: add LSM hooks for
> io_uring_setup()") introduced the LSM hook `uring_allowed` and
> implemented it in SELinux via a new `io_uring` class permission
> `allowed`. Rename the permission to `setup` since most permission verbs
> are named after the corresponding syscall ...
Some permissions are named after a syscall, but there are also a
number that are not. I believe "allowed" is the right choice here as
it better reflects the intent of the permission.
As an aside, the original draft of this patch was sent to the lists
back in late December and the final revision was merged in early
February before going up to Linus a few days ago. While I maintain
that "allowed" is the better choice, the proper time to raise your
concerns would have been during the past few months, not now.
> ... in this case
> io_uring_setup(2), and avoid confusing policy rules with an allow
> keyword and an allowed permission.
>
> Fixes: c6ad9fdbd44b ("io_uring,lsm,selinux: add LSM hooks for io_uring_setup()")
> Signed-off-by: Christian Göttsche <cgzones@...glemail.com>
> ---
> Note: this patch targets torvalds/master
> ---
> security/selinux/hooks.c | 2 +-
> security/selinux/include/classmap.h | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 7150c953fec3..bcc66dea8bdc 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -7188,7 +7188,7 @@ static int selinux_uring_allowed(void)
> {
> u32 sid = current_sid();
>
> - return avc_has_perm(sid, sid, SECCLASS_IO_URING, IO_URING__ALLOWED,
> + return avc_has_perm(sid, sid, SECCLASS_IO_URING, IO_URING__SETUP,
> NULL);
> }
> #endif /* CONFIG_IO_URING */
> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
> index 04a9b480885e..49fb584f2056 100644
> --- a/security/selinux/include/classmap.h
> +++ b/security/selinux/include/classmap.h
> @@ -179,7 +179,7 @@ const struct security_class_mapping secclass_map[] = {
> { "perf_event",
> { "open", "cpu", "kernel", "tracepoint", "read", "write", NULL } },
> { "anon_inode", { COMMON_FILE_PERMS, NULL } },
> - { "io_uring", { "override_creds", "sqpoll", "cmd", "allowed", NULL } },
> + { "io_uring", { "override_creds", "sqpoll", "cmd", "setup", NULL } },
> { "user_namespace", { "create", NULL } },
> /* last one */ { NULL, {} }
> };
> --
> 2.49.0
--
paul-moore.com
Powered by blists - more mailing lists