Searched hist:f4d653dcaa4e4056e1630423e6a8ece4869b544f (Results 1 – 2 of 2) sorted by relevance
| /openbmc/linux/security/selinux/include/ |
| H A D | classmap.h | diff f4d653dcaa4e4056e1630423e6a8ece4869b544f Wed Aug 10 14:55:36 CDT 2022 Paul Moore <paul@paul-moore.com> selinux: implement the security_uring_cmd() LSM hook
Add a SELinux access control for the iouring IORING_OP_URING_CMD
command. This includes the addition of a new permission in the
existing "io_uring" object class: "cmd". The subject of the new
permission check is the domain of the process requesting access, the
object is the open file which points to the device/file that is the
target of the IORING_OP_URING_CMD operation. A sample policy rule
is shown below:
allow <domain> <file>:io_uring { cmd };
Cc: stable@vger.kernel.org
Fixes: ee692a21e9bf ("fs,io_uring: add infrastructure for uring-cmd")
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
| /openbmc/linux/security/selinux/ |
| H A D | hooks.c | diff f4d653dcaa4e4056e1630423e6a8ece4869b544f Wed Aug 10 14:55:36 CDT 2022 Paul Moore <paul@paul-moore.com> selinux: implement the security_uring_cmd() LSM hook
Add a SELinux access control for the iouring IORING_OP_URING_CMD
command. This includes the addition of a new permission in the
existing "io_uring" object class: "cmd". The subject of the new
permission check is the domain of the process requesting access, the
object is the open file which points to the device/file that is the
target of the IORING_OP_URING_CMD operation. A sample policy rule
is shown below:
allow <domain> <file>:io_uring { cmd };
Cc: stable@vger.kernel.org
Fixes: ee692a21e9bf ("fs,io_uring: add infrastructure for uring-cmd")
Signed-off-by: Paul Moore <paul@paul-moore.com>
|