proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2025-11-30 01:17:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
b9a0da5b2e
mirror_ubuntu-kernels/security/selinux/include
History
Paul Moore f4d653dcaa selinux: implement the security_uring_cmd() LSM hook 
Add a SELinux access control for the iouring IORING_OP_URING_CMD
command.  This includes the addition of a new permission in the
existing "io_uring" object class: "cmd".  The subject of the new
permission check is the domain of the process requesting access, the
object is the open file which points to the device/file that is the
target of the IORING_OP_URING_CMD operation.  A sample policy rule
is shown below:

  allow <domain> <file>:io_uring { cmd };

Cc: stable@vger.kernel.org
Fixes: ee692a21e9 ("fs,io_uring: add infrastructure for uring-cmd")
Signed-off-by: Paul Moore <paul@paul-moore.com>
2022-08-26 11:19:43 -04:00
..
audit.h selinux: fix typos in comments 2022-06-10 15:49:15 -04:00
avc_ss.h selinux: declare data arrays const 2022-05-03 15:53:49 -04:00
avc.h selinux: add __randomize_layout to selinux_audit_data 2022-06-07 16:03:21 -04:00
classmap.h selinux: implement the security_uring_cmd() LSM hook 2022-08-26 11:19:43 -04:00
conditional.h selinux: move policy commit after updating selinuxfs 2020-08-17 20:50:22 -04:00
ibpkey.h selinux: include necessary headers in headers 2022-05-03 14:11:13 -04:00
ima.h selinux: measure state and policy capabilities 2021-03-08 19:39:07 -05:00
initial_sid_to_string.h selinux: declare data arrays const 2022-05-03 15:53:49 -04:00
netif.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
netlabel.h security: pass asoc to sctp_assoc_request and sctp_sk_clone 2021-11-03 11:09:20 +00:00
netnode.h selinux: include necessary headers in headers 2022-05-03 14:11:13 -04:00
netport.h selinux: include necessary headers in headers 2022-05-03 14:11:13 -04:00
objsec.h LSM: Infrastructure management of the superblock 2021-04-22 12:22:10 -07:00
policycap_names.h selinux: declare data arrays const 2022-05-03 15:53:49 -04:00
policycap.h selinux: declare data arrays const 2022-05-03 15:53:49 -04:00
security.h selinux: don't sleep when CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE is true 2022-04-14 16:44:21 -04:00
xfrm.h selinux: include necessary headers in headers 2022-05-03 14:11:13 -04:00