On Mon, Nov 12, 2018 at 11:17:29AM +0100, Paolo Bonzini wrote: > > Well, that's what we have the security_file_ioctl() LSM hook for so that > > your security model can arbitrate access to ioctls. > > Doesn't that have TOC-TOU races by design?
If you want to look at the command - yes. If you just want to filter read vs write vs ioctl, no. > Also, what about SG_IO giving write access to files that are only opened > read-only (and only have read permissions)? Allowing SG_IO on read-only permissions sounds like a reall bad idea, filtering or not.
