git.itanic.dy.fi Git - linux-stable/commit

author	Luis Chamberlain <mcgrof@kernel.org>
	Fri, 15 Jul 2022 19:16:22 +0000 (12:16 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 15 Sep 2022 08:47:18 +0000 (10:47 +0200)
commit	13069e1c8fef9b6f959784cc89ddbf75b31eef36
tree	1391ea6581ed712d5c95abe4e8b8a81fb7a3d510	tree \| snapshot
parent	1578775f94d141b89cb7f993fbd79ff107131702	commit \| diff

lsm,io_uring: add LSM hooks for the new uring_cmd file op

commit 2a5840124009f133bd09fd855963551fb2cefe22 upstream.

io-uring cmd support was added through ee692a21e9bf ("fs,io_uring:
add infrastructure for uring-cmd"), this extended the struct
file_operations to allow a new command which each subsystem can use
to enable command passthrough. Add an LSM specific for the command
passthrough which enables LSMs to inspect the command details.

This was discussed long ago without no clear pointer for something
conclusive, so this enables LSMs to at least reject this new file
operation.

[0] https://lkml.kernel.org/r/8adf55db-7bab-f59d-d612-ed906b948d19@schaufler-ca.com

Cc: stable@vger.kernel.org
Fixes: ee692a21e9bf ("fs,io_uring: add infrastructure for uring-cmd")
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Acked-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

include/linux/lsm_hook_defs.h		diff \| blob \| history
include/linux/lsm_hooks.h		diff \| blob \| history
include/linux/security.h		diff \| blob \| history
io_uring/io_uring.c		diff \| blob \| history
security/security.c		diff \| blob \| history