Re: [PATCH] io_uring: don't audit the capability check in io_uring_create()

From: Jens Axboe
Date: Tue Jul 18 2023 - 16:17:01 EST

Next message: Andrew Lunn: "Re: [PATCH net-next v3 03/11] net: phy: replace is_c45 with phy_accces_mode"
Previous message: Uwe Kleine-König: "[PATCH] regulator: max77857: Switch back to use struct i2c_driver's .probe()"
In reply to: Jeff Moyer: "Re: [PATCH] io_uring: don't audit the capability check in io_uring_create()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 18 Jul 2023 13:56:07 +0200, Ondrej Mosnacek wrote:
> The check being unconditional may lead to unwanted denials reported by
> LSMs when a process has the capability granted by DAC, but denied by an
> LSM. In the case of SELinux such denials are a problem, since they can't
> be effectively filtered out via the policy and when not silenced, they
> produce noise that may hide a true problem or an attack.
>
> Since not having the capability merely means that the created io_uring
> context will be accounted against the current user's RLIMIT_MEMLOCK
> limit, we can disable auditing of denials for this check by using
> ns_capable_noaudit() instead of capable().
>
> [...]

Applied, thanks!

[1/1] io_uring: don't audit the capability check in io_uring_create()
commit: 6adc2272aaaf84f34b652cf77f770c6fcc4b8336

Best regards,
--
Jens Axboe

Next message: Andrew Lunn: "Re: [PATCH net-next v3 03/11] net: phy: replace is_c45 with phy_accces_mode"
Previous message: Uwe Kleine-König: "[PATCH] regulator: max77857: Switch back to use struct i2c_driver's .probe()"
In reply to: Jeff Moyer: "Re: [PATCH] io_uring: don't audit the capability check in io_uring_create()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]