Show Your Support: This site is primarily supported by advertisements. Ads are what have allowed this site to be maintained on a daily basis for the past 18+ years. We do our best to ensure only clean, relevant ads are shown, when any nasty ads are detected, we work to remove them ASAP. If you would like to view the site without ads while still supporting our work, please consider our ad-free Phoronix Premium.
SELinux/LSM/Smack Controls + Auditing For IO_uring Comes With Linux 5.16
With the SELinux patches sent out on Monday, there is now Linux Security Modules (LSM), SELinux, and Smack controls and auditing support for IO_uring.
The SELinux PR explains, "we were basically missing two things which we're adding here: establishment of a proper audit context so that auditing of io-uring ops works similarly to how it does for syscalls (with some io-uring additions because io-uring ops are *not* syscalls), additional LSM hooks to enable access control points for some of the more unusual io-uring features, e.g. credential overrides. The additional audit callouts and LSM hooks were done in conjunction with the io-uring folks, based on conversations and RFC patches earlier in the year."
See the SELinux pull request for more details on the IO_uring controls/auditing support and other security improvements to be found in this new kernel.