To facilitate informed decision making by system administrators [1] to permit and manage access to Perf Events (perf_events) / Perf tool (Perf) [2],[3] performance monitoring for multiple users perf-security.rst document suggested by Thomas Gleixner is introduced [4] that: a) states perf_events/Perf access security concerns for multi user environment b) refers to base Linux access control and management principles c) extends documentation of possible perf_event_paranoid knob settings The file serves as single knowledge source for perf_events/Perf security and access control related matter according to decisions, discussion and PoC prototype previously made here [5],[6]. The file can later be extended with information describing: a) perf_events/Perf usage models and its security implications b) perf_events/Perf user interface, its changes and related security implications c) security related implications of monitoring by a specific perf_events PMU [2] --- Alexey Budankov (2): Documentation/admin-guide: introduce perf-security.rst file Documentation/admin-guide: update admin-guide index.rst Documentation/admin-guide/index.rst | 1 + Documentation/admin-guide/perf-security.rst | 97 +++++++++++++++++++++ 2 files changed, 98 insertions(+) create mode 100644 Documentation/admin-guide/perf-security.rst --- Changes in v4: - added docs for perf_event related capabilities Changes in v3: - toning down of the markup for "scope, access and resource" - adding definite article for "Linux implementation" Changes in v2: - reverted patches order in the set to avoid CI issue - replaced old PCL referencing by PE (Perf Events) - skipped >=3 setting documentation at the moment --- [1] https://marc.info/?l=linux-kernel&m=153815883923913&w=2 [2] http://man7.org/linux/man-pages/man2/perf_event_open.2.html [3] https://perf.wiki.kernel.org/index.php/Main_Page [4] https://marc.info/?l=linux-kernel&m=153837512226838&w=2 [5] https://marc.info/?l=linux-kernel&m=153736008310781&w=2 [6] https://lkml.org/lkml/2018/5/21/156
