Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp5795140rwb; Wed, 9 Aug 2023 09:11:27 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHDkQNSzsWDf5sA/dglWmSYOvv2L4B1jbJxcoGW4Im3vYp7mCNAoAhiidTvS+5v13rs7Wjz X-Received: by 2002:a05:6830:1e46:b0:6bd:708:c1f2 with SMTP id e6-20020a0568301e4600b006bd0708c1f2mr3164054otj.14.1691597487150; Wed, 09 Aug 2023 09:11:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691597487; cv=none; d=google.com; s=arc-20160816; b=QIk5EKv1iVb3wu0rUJp4Z7VSpJ2Mdadca1tyh2Rp17lEypQ1rjEpr3SPAisMKPnZoZ AHlONPRRM3L4vHTqf0gIOjOzANPjWlYkfNuCbEHunY13+LLoNjWieic+CH98aEpzD//1 SjwKDMR0XfdlsNltMna0sFNBvmSoA+ANxh090opHjwhppeABxVQVYONs1H2dxuk+SByr EK6nKieXZq+yXUJRCtWEBP0dnEBnKFy9+jXIpfGsyNmuE8WibAaFQHBnMC09lvX8dUOT V/FMEHEHUF9LZluEZXkDWABD+OrUr+Cdi+hzEDvSvszaeutfyptFxsnqmSJFHDfiB/5F 9qgg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:feedback-id :dkim-signature:dkim-signature; bh=m7Yanb/vvsE/fqlIS6281qF7gWWLaghgUEnS3kHEVy0=; fh=e8OB/Ftl9IuvwdUF+EIj4xXmEj5a/Ujd0cy/NIzvKXY=; b=FnSsw0pY2juPozsPsB64JFzxNtGy82LIeYp7fa6Ulo8pjL2+jPl2qWfdW+qw8+XFdo utjhTxejpacQYxpChk2SLuad0qOKbWzcZ/KRiwFWqQGw9p9ZJHsv6uM8Jb6111aGfXW/ /1AagIevPw8b3mXh/I7JBpYalxz7Iw01iF3VOnBDMsf4dC8zhYF6U8omfPymT2d0nVEL PjLeXVdpDfmQaeKdovx2S0covGsCDqhV0qCO2tLhMHXsNQtBjVxW/jGz3prh/PfTmuHw hZ+0mKwgkEf1aCjbbwhwdS5mZ8a7lI4PwiIFVqDlOvKZR4eT5h4NHTXBOtAREvbYC7Yj Nbjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@anarazel.de header.s=fm3 header.b=neG4KZuW; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=0wYJnG2j; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j37-20020a634a65000000b0055384eb4f43si9844850pgl.221.2023.08.09.09.11.14; Wed, 09 Aug 2023 09:11:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@anarazel.de header.s=fm3 header.b=neG4KZuW; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=0wYJnG2j; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232956AbjHIPJ4 (ORCPT + 99 others); Wed, 9 Aug 2023 11:09:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37170 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229914AbjHIPJ4 (ORCPT ); Wed, 9 Aug 2023 11:09:56 -0400 Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BFB3F1999; Wed, 9 Aug 2023 08:09:51 -0700 (PDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 9E4DE5C00CC; Wed, 9 Aug 2023 11:09:48 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Wed, 09 Aug 2023 11:09:48 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=anarazel.de; h= cc:cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm3; t=1691593788; x=1691680188; bh=m7 Yanb/vvsE/fqlIS6281qF7gWWLaghgUEnS3kHEVy0=; b=neG4KZuWdFoqjpt55G C6BGZC3xc91iYe1axORYvayX3EjKpNORwPe96Hp2IJNRde99sVDwBklTgLnTtQZm AwU5Xyc2SixBeufC5gQLYj7NIiPqrfmTBAPAYB/8vftniCos59B0MLMI5fVayp/B EYYUVE0Zvu0pA7ANtUV8HaMwjEyQVz3WyJ6RNWbu7t0hEHEhQCHvOYlEy33QH7+s eWs1PnsXlczGMXM3bQBYJEFSmU+kbM29yDUzYRQiduz/61ONTLAsXzXHfBfNPXIB kZCWKqCdBOGaGDTUHSasGCtRsYFdC9L+ER2SFGdrt7DE0escJ8v+L8kuimvnri4G mqgg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1691593788; x=1691680188; bh=m7Yanb/vvsE/f qlIS6281qF7gWWLaghgUEnS3kHEVy0=; b=0wYJnG2jecIE88IDHNK4B3wtDn+tI ZMIk3gtRQPlcr+yG0x8DLWJyCTubvrstivux2twxPOsirVL9fxyc+eyd/mVmMpMe RqHcEUCk/17MLe/a3dQGe8hOVB9zDfZ1FZLMBrJ9B5C198T3LX7HQDS4c+/ZFBuj EweSfjMsDr+FaDHpIywVLqhWpp1dGkzrLqH3m40tlavpXbOP33VCa7LVPItT6n06 +SUy7l56t1WQQvRMP9KeaIb0KUnB4Am5xW5t8SLXiNbGtmWcUxMV83R6hP3c7Syp c2Uj3jTNMufW2nPHMOS9ken//385ThRZ2Z83w6MbHrdcL0lx7MgvAaUqQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrleeggdekfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpeffhffvvefukfhfgggtuggjsehttdertddttddvnecuhfhrohhmpeetnhgurhgv shcuhfhrvghunhguuceorghnughrvghssegrnhgrrhgriigvlhdruggvqeenucggtffrrg htthgvrhhnpedvffefvefhteevffegieetfefhtddvffejvefhueetgeeludehteevudei tedtudenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe grnhgurhgvshesrghnrghrrgiivghlrdguvg X-ME-Proxy: Feedback-ID: id4a34324:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 9 Aug 2023 11:09:47 -0400 (EDT) Date: Wed, 9 Aug 2023 08:09:45 -0700 From: Andres Freund To: Jeff Moyer Cc: Matteo Rizzo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, io-uring@vger.kernel.org, axboe@kernel.dk, asml.silence@gmail.com, corbet@lwn.net, akpm@linux-foundation.org, keescook@chromium.org, ribalda@chromium.org, rostedt@goodmis.org, jannh@google.com, chenhuacai@kernel.org, gpiccoli@igalia.com, ldufour@linux.ibm.com, evn@google.com, poprdi@google.com, jordyzomer@google.com, krisman@suse.de Subject: Re: [PATCH v3 1/1] io_uring: add a sysctl to disable io_uring system-wide Message-ID: <20230809150945.abp755qafjhxbmx6@awork3.anarazel.de> References: <20230630151003.3622786-1-matteorizzo@google.com> <20230630151003.3622786-2-matteorizzo@google.com> <20230726174549.cg4jgx2d33fom4rb@awork3.anarazel.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_PASS,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, Sorry for the delayed response, EINBOXOVERFLOW. On 2023-07-26 16:02:26 -0400, Jeff Moyer wrote: > Andres Freund writes: > > > Hi, > > > > On 2023-06-30 15:10:03 +0000, Matteo Rizzo wrote: > >> Introduce a new sysctl (io_uring_disabled) which can be either 0, 1, > >> or 2. When 0 (the default), all processes are allowed to create io_uring > >> instances, which is the current behavior. When 1, all calls to > >> io_uring_setup fail with -EPERM unless the calling process has > >> CAP_SYS_ADMIN. When 2, calls to io_uring_setup fail with -EPERM > >> regardless of privilege. > > > > Hm, is there a chance that instead of requiring CAP_SYS_ADMIN, a certain group > > could be required (similar to hugetlb_shm_group)? Requiring CAP_SYS_ADMIN > > could have the unintended consequence of io_uring requiring tasks being run > > with more privileges than needed... Or some other more granular way of > > granting the right to use io_uring? > > That's fine with me, so long as there is still an option to completely > disable io_uring. Makes sense. > > ISTM that it'd be nice if e.g. a systemd service specification could allow > > some services to use io_uring, without allowing it for everyone, or requiring > > to run services effectively as root. > > Do you have a proposal for how that would work? I think group based permissions would allow for it, even if perhaps not in the most beautiful manner. Systemd can configure additional groups for a service with SupplementaryGroups, so adding a "io_uring" group or such should work. Greetings, Andres Freund