On Fri, Mar 11, 2022 at 3:57 PM Luis Chamberlain <[email protected]> wrote: > On Fri, Mar 11, 2022 at 01:47:51PM -0500, Paul Moore wrote:
... > > Similar to what was discussed above with respect to auditing, I think > > we need to do some extra work here to make it easier for a LSM to put > > the IO request in the proper context. We have io_uring_cmd::cmd_op > > via the @ioucmd parameter, which is good, but we need to be able to > > associate that with a driver to make sense of it. > > It may not always be a driver, it can be built-in stuff. Good point, but I believe the argument still applies. LSMs are going to need some way to put the cmd_op token in the proper context so that security policy can be properly enforced. -- paul-moore.com -- Linux-audit mailing list [email protected] https://listman.redhat.com/mailman/listinfo/linux-audit
