On Fri, Dec 10, 2021 at 6:15 PM Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote: > > On 12/10/21 20:25, Jim Mattson wrote: > > In the long run, I'd like to be able to override this system-wide > > setting on a per-VM basis, for VMs that I trust. (Of course, this > > implies that I trust the userspace process as well.) > > > > How would you feel if we were to add a kvm ioctl to override this > > setting, for a particular VM, guarded by an appropriate permissions > > check, like capable(CAP_SYS_ADMIN) or capable(CAP_SYS_MODULE)? > > What's the rationale for guarding this with a capability check? IIRC > you don't have such checks for perf_event_open (apart for getting kernel > addresses, which is not a problem for virtualization). My reasoning was simply that for userspace to override a mode 0444 kernel module parameter, it should have the rights to reload the module with the parameter override. I wasn't thinking specifically about PMU capabilities.
