Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp5795140rwb;
        Wed, 9 Aug 2023 09:11:27 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHDkQNSzsWDf5sA/dglWmSYOvv2L4B1jbJxcoGW4Im3vYp7mCNAoAhiidTvS+5v13rs7Wjz
X-Received: by 2002:a05:6830:1e46:b0:6bd:708:c1f2 with SMTP id e6-20020a0568301e4600b006bd0708c1f2mr3164054otj.14.1691597487150;
        Wed, 09 Aug 2023 09:11:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1691597487; cv=none;
        d=google.com; s=arc-20160816;
        b=QIk5EKv1iVb3wu0rUJp4Z7VSpJ2Mdadca1tyh2Rp17lEypQ1rjEpr3SPAisMKPnZoZ
         AHlONPRRM3L4vHTqf0gIOjOzANPjWlYkfNuCbEHunY13+LLoNjWieic+CH98aEpzD//1
         SjwKDMR0XfdlsNltMna0sFNBvmSoA+ANxh090opHjwhppeABxVQVYONs1H2dxuk+SByr
         EK6nKieXZq+yXUJRCtWEBP0dnEBnKFy9+jXIpfGsyNmuE8WibAaFQHBnMC09lvX8dUOT
         V/FMEHEHUF9LZluEZXkDWABD+OrUr+Cdi+hzEDvSvszaeutfyptFxsnqmSJFHDfiB/5F
         9qgg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:feedback-id
         :dkim-signature:dkim-signature;
        bh=m7Yanb/vvsE/fqlIS6281qF7gWWLaghgUEnS3kHEVy0=;
        fh=e8OB/Ftl9IuvwdUF+EIj4xXmEj5a/Ujd0cy/NIzvKXY=;
        b=FnSsw0pY2juPozsPsB64JFzxNtGy82LIeYp7fa6Ulo8pjL2+jPl2qWfdW+qw8+XFdo
         utjhTxejpacQYxpChk2SLuad0qOKbWzcZ/KRiwFWqQGw9p9ZJHsv6uM8Jb6111aGfXW/
         /1AagIevPw8b3mXh/I7JBpYalxz7Iw01iF3VOnBDMsf4dC8zhYF6U8omfPymT2d0nVEL
         PjLeXVdpDfmQaeKdovx2S0covGsCDqhV0qCO2tLhMHXsNQtBjVxW/jGz3prh/PfTmuHw
         hZ+0mKwgkEf1aCjbbwhwdS5mZ8a7lI4PwiIFVqDlOvKZR4eT5h4NHTXBOtAREvbYC7Yj
         Nbjg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@anarazel.de header.s=fm3 header.b=neG4KZuW;
       dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=0wYJnG2j;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id j37-20020a634a65000000b0055384eb4f43si9844850pgl.221.2023.08.09.09.11.14;
        Wed, 09 Aug 2023 09:11:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@anarazel.de header.s=fm3 header.b=neG4KZuW;
       dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=0wYJnG2j;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232956AbjHIPJ4 (ORCPT <rfc822;artur.folwarczny@gmail.com>
        + 99 others); Wed, 9 Aug 2023 11:09:56 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37170 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229914AbjHIPJ4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 9 Aug 2023 11:09:56 -0400
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BFB3F1999;
        Wed,  9 Aug 2023 08:09:51 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46])
        by mailout.nyi.internal (Postfix) with ESMTP id 9E4DE5C00CC;
        Wed,  9 Aug 2023 11:09:48 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
  by compute2.internal (MEProxy); Wed, 09 Aug 2023 11:09:48 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=anarazel.de; h=
        cc:cc:content-type:content-type:date:date:from:from:in-reply-to
        :in-reply-to:message-id:mime-version:references:reply-to:sender
        :subject:subject:to:to; s=fm3; t=1691593788; x=1691680188; bh=m7
        Yanb/vvsE/fqlIS6281qF7gWWLaghgUEnS3kHEVy0=; b=neG4KZuWdFoqjpt55G
        C6BGZC3xc91iYe1axORYvayX3EjKpNORwPe96Hp2IJNRde99sVDwBklTgLnTtQZm
        AwU5Xyc2SixBeufC5gQLYj7NIiPqrfmTBAPAYB/8vftniCos59B0MLMI5fVayp/B
        EYYUVE0Zvu0pA7ANtUV8HaMwjEyQVz3WyJ6RNWbu7t0hEHEhQCHvOYlEy33QH7+s
        eWs1PnsXlczGMXM3bQBYJEFSmU+kbM29yDUzYRQiduz/61ONTLAsXzXHfBfNPXIB
        kZCWKqCdBOGaGDTUHSasGCtRsYFdC9L+ER2SFGdrt7DE0escJ8v+L8kuimvnri4G
        mqgg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
        messagingengine.com; h=cc:cc:content-type:content-type:date:date
        :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
        :message-id:mime-version:references:reply-to:sender:subject
        :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
        :x-sasl-enc; s=fm3; t=1691593788; x=1691680188; bh=m7Yanb/vvsE/f
        qlIS6281qF7gWWLaghgUEnS3kHEVy0=; b=0wYJnG2jecIE88IDHNK4B3wtDn+tI
        ZMIk3gtRQPlcr+yG0x8DLWJyCTubvrstivux2twxPOsirVL9fxyc+eyd/mVmMpMe
        RqHcEUCk/17MLe/a3dQGe8hOVB9zDfZ1FZLMBrJ9B5C198T3LX7HQDS4c+/ZFBuj
        EweSfjMsDr+FaDHpIywVLqhWpp1dGkzrLqH3m40tlavpXbOP33VCa7LVPItT6n06
        +SUy7l56t1WQQvRMP9KeaIb0KUnB4Am5xW5t8SLXiNbGtmWcUxMV83R6hP3c7Syp
        c2Uj3jTNMufW2nPHMOS9ken//385ThRZ2Z83w6MbHrdcL0lx7MgvAaUqQ==
X-ME-Sender: <xms:O6zTZABPODP7SAzfEtWb8fvevVdAJzmxgjbADHkM6a6jA74R_hHwWQ>
    <xme:O6zTZCi_6YHumSuxXikBRqLE7flX_KGmsLfL1U5UwpFg3OMLCnnjhFB6mnoZojKdW
    aWA9g-iKAnmuQTEQw>
X-ME-Received: <xmr:O6zTZDmshDLvhCyTpCC_LtXlTC3Bv1p-GNR3PL586crbN6kEtEfV-lcPtAJ-rJW_T5MRoCfkXXJqXzh3WROjfuojsuJpKWBp2ozXZORCMr9TvmhUrCWdvOUYjzCk>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrleeggdekfecutefuodetggdotefrodftvf
    curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
    uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc
    fjughrpeffhffvvefukfhfgggtuggjsehttdertddttddvnecuhfhrohhmpeetnhgurhgv
    shcuhfhrvghunhguuceorghnughrvghssegrnhgrrhgriigvlhdruggvqeenucggtffrrg
    htthgvrhhnpedvffefvefhteevffegieetfefhtddvffejvefhueetgeeludehteevudei
    tedtudenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe
    grnhgurhgvshesrghnrghrrgiivghlrdguvg
X-ME-Proxy: <xmx:O6zTZGz2pyx1aZJXdPyjZU1sGSbBV33WvmJrdfF307Xo5cMEopOaCg>
    <xmx:O6zTZFS4vPpX6S6IJfRLhsZLpHewPWgoaGIdxdDkxk1ycQP1vtkBZA>
    <xmx:O6zTZBaQTJagVRrc0WK-erBsE6sSKlU3H-_vUtrFm0IFchzVAfFhQw>
    <xmx:PKzTZGKL_39ndypR66zDr36gTnF3d3mHbE3L4hIzWKUnOIHySJGJ7A>
Feedback-ID: id4a34324:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed,
 9 Aug 2023 11:09:47 -0400 (EDT)
Date:   Wed, 9 Aug 2023 08:09:45 -0700
From:   Andres Freund <andres@anarazel.de>
To:     Jeff Moyer <jmoyer@redhat.com>
Cc:     Matteo Rizzo <matteorizzo@google.com>, linux-doc@vger.kernel.org,
        linux-kernel@vger.kernel.org, io-uring@vger.kernel.org,
        axboe@kernel.dk, asml.silence@gmail.com, corbet@lwn.net,
        akpm@linux-foundation.org, keescook@chromium.org,
        ribalda@chromium.org, rostedt@goodmis.org, jannh@google.com,
        chenhuacai@kernel.org, gpiccoli@igalia.com, ldufour@linux.ibm.com,
        evn@google.com, poprdi@google.com, jordyzomer@google.com,
        krisman@suse.de
Subject: Re: [PATCH v3 1/1] io_uring: add a sysctl to disable io_uring
 system-wide
Message-ID: <20230809150945.abp755qafjhxbmx6@awork3.anarazel.de>
References: <20230630151003.3622786-1-matteorizzo@google.com>
 <20230630151003.3622786-2-matteorizzo@google.com>
 <20230726174549.cg4jgx2d33fom4rb@awork3.anarazel.de>
 <x49fs5awiel.fsf@segfault.boston.devel.redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <x49fs5awiel.fsf@segfault.boston.devel.redhat.com>
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,
        SPF_HELO_PASS,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

Sorry for the delayed response, EINBOXOVERFLOW.

On 2023-07-26 16:02:26 -0400, Jeff Moyer wrote:
> Andres Freund <andres@anarazel.de> writes:
> 
> > Hi,
> >
> > On 2023-06-30 15:10:03 +0000, Matteo Rizzo wrote:
> >> Introduce a new sysctl (io_uring_disabled) which can be either 0, 1,
> >> or 2. When 0 (the default), all processes are allowed to create io_uring
> >> instances, which is the current behavior. When 1, all calls to
> >> io_uring_setup fail with -EPERM unless the calling process has
> >> CAP_SYS_ADMIN. When 2, calls to io_uring_setup fail with -EPERM
> >> regardless of privilege.
> >
> > Hm, is there a chance that instead of requiring CAP_SYS_ADMIN, a certain group
> > could be required (similar to hugetlb_shm_group)? Requiring CAP_SYS_ADMIN
> > could have the unintended consequence of io_uring requiring tasks being run
> > with more privileges than needed... Or some other more granular way of
> > granting the right to use io_uring?
> 
> That's fine with me, so long as there is still an option to completely
> disable io_uring.

Makes sense.


> > ISTM that it'd be nice if e.g. a systemd service specification could allow
> > some services to use io_uring, without allowing it for everyone, or requiring
> > to run services effectively as root.
> 
> Do you have a proposal for how that would work?

I think group based permissions would allow for it, even if perhaps not in the
most beautiful manner. Systemd can configure additional groups for a service
with SupplementaryGroups, so adding a "io_uring" group or such should work.

Greetings,

Andres Freund