mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-25 11:55:37 +00:00
f4d653dcaa
Add a SELinux access control for the iouring IORING_OP_URING_CMD
command. This includes the addition of a new permission in the
existing "io_uring" object class: "cmd". The subject of the new
permission check is the domain of the process requesting access, the
object is the open file which points to the device/file that is the
target of the IORING_OP_URING_CMD operation. A sample policy rule
is shown below:
allow <domain> <file>:io_uring { cmd };
Cc: stable@vger.kernel.org
Fixes:
|
||
---|---|---|
.. | ||
audit.h | ||
avc.h | ||
avc_ss.h | ||
classmap.h | ||
conditional.h | ||
ibpkey.h | ||
ima.h | ||
initial_sid_to_string.h | ||
netif.h | ||
netlabel.h | ||
netnode.h | ||
netport.h | ||
objsec.h | ||
policycap.h | ||
policycap_names.h | ||
security.h | ||
xfrm.h |