Converting io_uring's anonymous inode to the secure anon inode API
enables LSMs to enforce policy on the io_uring anonymous inodes if
they choose to do so.  This is an important first step towards
providing the necessary mechanisms so that LSMs can apply security
policy to io_uring operations.

Signed-off-by: Paul Moore <p...@paul-moore.com>
---
 fs/io_uring.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/io_uring.c b/fs/io_uring.c
index e9941d1ad8fd..6ff769c9b7d3 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -9562,8 +9562,8 @@ static struct file *io_uring_get_file(struct io_ring_ctx 
*ctx)
                return ERR_PTR(ret);
 #endif
 
-       file = anon_inode_getfile("[io_uring]", &io_uring_fops, ctx,
-                                       O_RDWR | O_CLOEXEC);
+       file = anon_inode_getfile_secure("[io_uring]", &io_uring_fops, ctx,
+                                        O_RDWR | O_CLOEXEC, NULL);
 #if defined(CONFIG_UNIX)
        if (IS_ERR(file)) {
                sock_release(ctx->ring_sock);
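Review bot: The new trailing `NULL` in the `anon_inode_getfile_secure()` call is not explained, either at the call site or in the commit message. That last argument is the context inode, so the description should say why passing none is right for the "[io_uring]" file and what an LSM then has available to label it with, since the stated goal is to let LSMs enforce policy on this inode. A short comment above the call or one more sentence in the commit message would cover it. The `IS_ERR(file)` handling that follows is unchanged, so it is also worth stating that the secure variant reports failure the same way as `anon_inode_getfile()`.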

--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit