From: Jens Axboe <axboe@kernel.dk>
To: Casey Schaufler <casey@schaufler-ca.com>,
Paul Moore <paul@paul-moore.com>
Cc: Luis Chamberlain <mcgrof@kernel.org>,
joshi.k@samsung.com, linux-security-module@vger.kernel.org,
io-uring@vger.kernel.org, linux-nvme@lists.infradead.org,
linux-block@vger.kernel.org, a.manzanares@samsung.com,
javier@javigon.com
Subject: Re: [PATCH] lsm,io_uring: add LSM hooks to for the new uring_cmd file op
Date: Fri, 15 Jul 2022 15:32:35 -0600 [thread overview]
Message-ID: <da03fb01-83e6-974e-d273-ce86c770e5b2@kernel.dk> (raw)
In-Reply-To: <1b220ed8-c010-15f2-3bc2-6ec4b2e7532f@schaufler-ca.com>
On 7/15/22 3:16 PM, Casey Schaufler wrote:
> On 7/15/2022 1:00 PM, Jens Axboe wrote:
>> I agree that it should've been part of the initial series. As mentioned
>> above, I wasn't much apart of that earlier discussion in the series, and
>> hence missed that it was missing. And as also mentioned, LSM isn't much
>> on my radar as nobody I know uses it.
>
> There are well over 6 Billion systems deployed in the wild that use LSM.
> Every Android device. Every Samsung TV, camera and watch. Chromebooks.
> Data centers. AWS. HPC. Statistically, a system that does not use LSM is
> extremely rare. The only systems that *don't* use LSM are the ones hand
> configured by Linux developers for their own use.
I'm not talking about systems that only I use, but I believe you that
it's in wide use. Didn't mean to imply that it isn't, just that since I
don't come across it in my work or the people/systems that I've worked
with, it hasn't been much on my radar and nobody has asked for it.
>> This will cause oversights, even
>> if they are unfortunate. My point is just that no ill intent should be
>> assumed here.
>
> I see no ill intent. And io_uring addresses an important issue.
> It just needs to work for the majority of Linux systems, not just
> the few that don't use LSM.
Agree, and hopefully we can make sure that it does, going forward as
well.
--
Jens Axboe
next prev parent reply other threads:[~2022-07-15 21:32 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-14 0:05 [PATCH] lsm,io_uring: add LSM hooks to for the new uring_cmd file op Luis Chamberlain
2022-07-14 0:38 ` Casey Schaufler
2022-07-15 0:54 ` Luis Chamberlain
2022-07-15 1:25 ` Casey Schaufler
2022-07-14 3:00 ` Paul Moore
2022-07-15 1:00 ` Luis Chamberlain
2022-07-15 18:46 ` Paul Moore
2022-07-15 19:02 ` Luis Chamberlain
2022-07-15 19:51 ` Paul Moore
2022-07-15 19:07 ` Jens Axboe
2022-07-15 19:50 ` Paul Moore
2022-07-15 20:00 ` Jens Axboe
2022-07-15 21:16 ` Casey Schaufler
2022-07-15 21:32 ` Jens Axboe [this message]
2022-07-15 21:37 ` Luis Chamberlain
2022-07-15 21:47 ` Jens Axboe
2022-07-15 20:50 ` Casey Schaufler
2022-07-15 23:03 ` Casey Schaufler
2022-07-15 23:05 ` Jens Axboe
2022-07-15 23:14 ` Casey Schaufler
2022-07-15 23:18 ` Jens Axboe
2022-07-15 23:31 ` Casey Schaufler
2022-07-15 23:34 ` Jens Axboe
2022-07-16 3:20 ` Kanchan Joshi
2022-07-18 14:55 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=da03fb01-83e6-974e-d273-ce86c770e5b2@kernel.dk \
--to=axboe@kernel.dk \
--cc=a.manzanares@samsung.com \
--cc=casey@schaufler-ca.com \
--cc=io-uring@vger.kernel.org \
--cc=javier@javigon.com \
--cc=joshi.k@samsung.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=paul@paul-moore.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.