diff options
| author |   Hamza Mahfooz <hamzamahfooz@linux.microsoft.com> | 2025-01-27 10:57:18 -0500 |
|---|---|---|
| committer |   Paul Moore <paul@paul-moore.com> | 2025-02-07 17:17:49 -0500 |
| commit | c6ad9fdbd44b78f51fa50138247694774ab99e97 (patch) | |
| tree | e28a1056a83be8177af5db7c75959d431267bd1c /include/linux/security.h | |
| parent | io_uring: refactor io_uring_allowed() (diff) | |
| download | wireguard-linux-c6ad9fdbd44b78f51fa50138247694774ab99e97.tar.xz wireguard-linux-c6ad9fdbd44b78f51fa50138247694774ab99e97.zip | |
io_uring,lsm,selinux: add LSM hooks for io_uring_setup()
It is desirable to allow LSM to configure accessibility to io_uring
because it is a coarse yet very simple way to restrict access to it. So,
add an LSM for io_uring_allowed() to guard access to io_uring.
Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: Hamza Mahfooz <hamzamahfooz@linux.microsoft.com>
Acked-by: Jens Axboe <axboe@kernel.dk>
[PM: merge fuzz due to changes in preceding patches, subj tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 980b6c207cad..3e68f8468a22 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -2362,6 +2362,7 @@ static inline int security_perf_event_write(struct perf_event *event) extern int security_uring_override_creds(const struct cred *new); extern int security_uring_sqpoll(void); extern int security_uring_cmd(struct io_uring_cmd *ioucmd); +extern int security_uring_allowed(void); #else static inline int security_uring_override_creds(const struct cred *new) { @@ -2375,6 +2376,10 @@ static inline int security_uring_cmd(struct io_uring_cmd *ioucmd) { return 0; } +extern int security_uring_allowed(void) +{ + return 0; +} #endif /* CONFIG_SECURITY */ #endif /* CONFIG_IO_URING */ |