mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-25 11:55:37 +00:00
f4d653dcaa
Add a SELinux access control for the iouring IORING_OP_URING_CMD
command. This includes the addition of a new permission in the
existing "io_uring" object class: "cmd". The subject of the new
permission check is the domain of the process requesting access, the
object is the open file which points to the device/file that is the
target of the IORING_OP_URING_CMD operation. A sample policy rule
is shown below:
allow <domain> <file>:io_uring { cmd };
Cc: stable@vger.kernel.org
Fixes:
|
||
|---|---|---|
| .. | ||
| audit.h | ||
| avc.h | ||
| avc_ss.h | ||
| classmap.h | ||
| conditional.h | ||
| ibpkey.h | ||
| ima.h | ||
| initial_sid_to_string.h | ||
| netif.h | ||
| netlabel.h | ||
| netnode.h | ||
| netport.h | ||
| objsec.h | ||
| policycap.h | ||
| policycap_names.h | ||
| security.h | ||
| xfrm.h | ||