From: Gabriel Krisman Bertazi <krisman@suse.de>
To: Jeff Moyer <jmoyer@redhat.com>
Cc: matteorizzo@google.com, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, io-uring@vger.kernel.org,
axboe@kernel.dk, asml.silence@gmail.com, corbet@lwn.net,
akpm@linux-foundation.org, keescook@chromium.org,
ribalda@chromium.org, rostedt@goodmis.org, jannh@google.com,
chenhuacai@kernel.org, gpiccoli@igalia.com,
ldufour@linux.ibm.com, evn@google.com, poprdi@google.com,
jordyzomer@google.com, andres@anarazel.de
Subject: Re: [PATCH v4] io_uring: add a sysctl to disable io_uring system-wide
Date: Wed, 16 Aug 2023 14:10:38 -0400 [thread overview]
Message-ID: <87cyzm504h.fsf@suse.de> (raw)
In-Reply-To: <x49wmxuub14.fsf@segfault.boston.devel.redhat.com> (Jeff Moyer's message of "Wed, 16 Aug 2023 13:55:51 -0400")

Jeff Moyer <jmoyer@redhat.com> writes:
> From: Matteo Rizzo <matteorizzo@google.com>
>
> Introduce a new sysctl (io_uring_disabled) which can be either 0, 1, or
> 2. When 0 (the default), all processes are allowed to create io_uring
> instances, which is the current behavior. When 1, io_uring creation is
> disabled (io_uring_setup() will fail with -EPERM) for processes not in
> the kernel.io_uring_group group. When 2, calls to io_uring_setup() fail
> with -EPERM regardless of privilege.
>
> Signed-off-by: Matteo Rizzo <matteorizzo@google.com>
> [JEM: modified to add io_uring_group]
> Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
>
> ---
> v4:
>
> * Add a kernel.io_uring_group sysctl to hold a group id that is allowed
> to use io_uring. One thing worth pointing out is that, when a group
> is specified, only users in that group can create an io_uring. That
> means that if the root user is not in that group, root can not make
> use of io_uring.

Rejecting root if it's not in the group doesn't make much sense to
me. Of course, root can always just add itself to the group, so it is
not a security feature. But I'd expect 'sudo <smth>' to not start giving
EPERM based on user group settings. Can you make CAP_SYS_ADMIN
always allowed for option 1?

> I also wrote unit tests for liburing. I'll post that as well if there
> is consensus on this approach.

I'm fine with this approach as it allows me to easily reject non-root users.

--
Gabriel Krisman Bertazi
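As an added illustration, not code from the patch or from anyone in this thread: a user-space C model of the io_uring_setup() decision exactly as the v4 description states it (0 allow everyone, 1 allow only members of kernel.io_uring_group, 2 refuse everyone), with constructed callers showing that under value 1 a root caller outside the group is refused, which is the point raised above. All struct and function names are hypothetical; the real kernel implementation is not shown on this page.

```c
/* Added example: user-space model of the io_uring_disabled policy described
 * in the v4 commit message. Names are hypothetical, not the kernel's own. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* The three documented sysctl values for kernel.io_uring_disabled. */
enum { IO_URING_ENABLED = 0, IO_URING_GROUP_ONLY = 1, IO_URING_DISABLED = 2 };

/* Hypothetical view of the calling task: uid, primary gid, supplementary gids. */
struct caller {
    uid_t uid;
    gid_t gid;
    const gid_t *groups;
    size_t ngroups;
};

/* True if the caller's primary or any supplementary group matches. */
static bool in_group(const struct caller *c, gid_t group)
{
    if (c->gid == group)
        return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == group)
            return true;
    return false;
}

/* Returns 0 when io_uring_setup() would be allowed, -EPERM otherwise.
 * With io_uring_disabled=1 the uid is never consulted, so root outside
 * kernel.io_uring_group is refused, as the commit message says. Unknown
 * values fail closed (an assumption of this model). */
int io_uring_setup_allowed(int io_uring_disabled, gid_t io_uring_group,
                           const struct caller *c)
{
    switch (io_uring_disabled) {
    case IO_URING_ENABLED:
        return 0;
    case IO_URING_GROUP_ONLY:
        return in_group(c, io_uring_group) ? 0 : -EPERM;
    case IO_URING_DISABLED:
    default:
        return -EPERM;
    }
}

/* Constructed sample callers: an unprivileged user in gid 1000, and root. */
static const gid_t dev_groups[] = { 4, 1000 };
const struct caller dev_user = { .uid = 1001, .gid = 100, .groups = dev_groups, .ngroups = 2 };
const struct caller root_user = { .uid = 0, .gid = 0, .groups = NULL, .ngroups = 0 };
```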