linux

Go to file

Paul Moore 740b03414b selinux: add support for the io_uring access controls

This patch implements two new io_uring access controls, specifically
support for controlling the io_uring "personalities" and
IORING_SETUP_SQPOLL.  Controlling the sharing of io_urings themselves
is handled via the normal file/inode labeling and sharing mechanisms.

The io_uring { override_creds } permission restricts which domains
the subject domain can use to override it's own credentials.
Granting a domain the io_uring { override_creds } permission allows
it to impersonate another domain in io_uring operations.

The io_uring { sqpoll } permission restricts which domains can create
asynchronous io_uring polling threads.  This is important from a
security perspective as operations queued by this asynchronous thread
inherit the credentials of the thread creator by default; if an
io_uring is shared across process/domain boundaries this could result
in one domain impersonating another.  Controlling the creation of
sqpoll threads, and the sharing of io_urings across processes, allow
policy authors to restrict the ability of one domain to impersonate
another via io_uring.

As a quick summary, this patch adds a new object class with two
permissions:

 io_uring { override_creds sqpoll }

These permissions can be seen in the two simple policy statements
below:

  allow domA_t domB_t : io_uring { override_creds };
  allow domA_t self : io_uring { sqpoll };

Signed-off-by: Paul Moore <paul@paul-moore.com>

2021-09-19 22:40:32 -04:00

arch

Merge tag 'smp-urgent-2021-09-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

2021-09-12 12:42:51 -07:00

block

Merge tag 'block-5.15-2021-09-11' of git://git.kernel.dk/linux-block

2021-09-11 10:19:51 -07:00

certs

certs: Add support for using elliptic curve keys for signing modules

2021-08-23 19:55:42 +03:00

crypto

Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

2021-08-30 12:57:10 -07:00

Documentation

Merge tag 'auxdisplay-for-linus-v5.15-rc1' of git://github.com/ojeda/linux

2021-09-12 16:00:49 -07:00

drivers

Merge tag 'auxdisplay-for-linus-v5.15-rc1' of git://github.com/ojeda/linux

2021-09-12 16:00:49 -07:00

lsm,io_uring: add LSM hooks to io_uring

2021-09-19 22:37:21 -04:00

include

lsm,io_uring: add LSM hooks to io_uring

2021-09-19 22:37:21 -04:00

init

Merge tag 'trace-v5.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

2021-09-09 13:11:15 -07:00

ipc

Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm

2021-09-09 13:25:49 -07:00

kernel

audit: add filtering for io_uring records

2021-09-19 22:34:38 -04:00

lib

Merge tag 'trace-v5.15-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

2021-09-11 10:16:30 -07:00

LICENSES

LICENSES/dual/CC-BY-4.0: Git rid of "smart quotes"

2021-07-15 06:31:24 -06:00

Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm

2021-09-09 13:25:49 -07:00

net

Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost

2021-09-11 14:48:42 -07:00

samples

Merge tag 'kgdb-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux

2021-09-07 12:08:04 -07:00

scripts

Merge tag 'riscv-for-linus-5.15-mw1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux

2021-09-11 14:29:42 -07:00

security

selinux: add support for the io_uring access controls

2021-09-19 22:40:32 -04:00

sound

Merge tag 'sound-fix-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

2021-09-09 16:05:10 -07:00

tools

Merge tag 'perf-tools-for-v5.15-2021-09-11' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux

2021-09-12 16:18:15 -07:00

usr

.gitignore: prefix local generated files with a slash

2021-05-02 00:43:35 +09:00

virt

KVM: Drop unused kvm_dirty_gfn_invalid()

2021-09-06 08:23:46 -04:00

.clang-format

clang-format: Update with the latest for_each macro list

2021-05-12 23:32:39 +02:00

.cocciconfig

…

.get_maintainer.ignore

Opt out of scripts/get_maintainer.pl

2019-05-16 10:53:40 -07:00

.gitattributes

.gitattributes: use 'dts' diff driver for dts files

2019-12-04 19:44:11 -08:00

.gitignore

.gitignore: ignore only top-level modules.builtin

2021-05-02 00:43:35 +09:00

.mailmap

mailmap: update email address of Matthias Fuchs and Thomas Körper

2021-08-19 09:39:44 +02:00

COPYING

COPYING: state that all contributions really are covered by this file

2020-02-10 13:32:20 -08:00

CREDITS

MAINTAINERS: move Murali Karicheri to credits

2021-04-29 15:47:30 -07:00

Kbuild

kbuild: rename hostprogs-y/always to hostprogs/always-y

2020-02-04 01:53:07 +09:00

Kconfig

kbuild: ensure full rebuild when the compiler is updated

2020-05-12 13:28:33 +09:00

MAINTAINERS

Merge tag 'compiler-attributes-for-linus-v5.15-rc1-v2' of git://github.com/ojeda/linux

2021-09-12 16:09:26 -07:00

Makefile

Linux 5.15-rc1

2021-09-12 16:28:37 -07:00

README

Drop all 00-INDEX files from Documentation/

2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.

Languages

C 97.7%

Assembly 1.1%

Shell 0.4%

Makefile 0.3%

Python 0.2%

Other 0.1%