Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Subject: Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups
From: Andi Kleen <ak@xxxxxxxxxxxxxxx>
Date: Thu, 5 Dec 2019 10:11:55 -0800
Cc: Alexey Budankov <alexey.budankov@xxxxxxxxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Jiri Olsa <jolsa@xxxxxxxxxx>, elena.reshetova@xxxxxxxxx, Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Stephane Eranian <eranian@xxxxxxxxxx>, Namhyung Kim <namhyung@xxxxxxxxxx>, linux-security-module@xxxxxxxxxxxxxxx, selinux@xxxxxxxxxxxxxxx, linux-kernel <linux-kernel@xxxxxxxxxxxxxxx>
In-reply-to: <a81248c5-971a-9d3f-6df4-e6335384fe7f@schaufler-ca.com>
References: <283f09a5-33bd-eac3-bdfd-83d775045bf9@linux.intel.com> <1e836f34-eda3-542d-f7ce-9a3e87ac5e2e@schaufler-ca.com> <d0c6f000-4757-02d8-b114-a35cbb9566ed@linux.intel.com> <a81248c5-971a-9d3f-6df4-e6335384fe7f@schaufler-ca.com>
User-agent: Mutt/1.12.1 (2019-06-15)

> The question isn't whether the tool could use the capability, it's whether
> the tool would also need CAP_SYS_ADMIN to be useful. Are there existing
> tools that could stop using CAP_SYS_ADMIN in favor of CAP_SYS_PERFMON?
> My bet is that any tool that does performance monitoring is going to need
> CAP_SYS_ADMIN for other reasons.

At least perf stat won't.

-Andi

References:
- [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups
  - From: Alexey Budankov
- Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups
  - From: Casey Schaufler
- Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups
  - From: Alexey Budankov
- Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups
  - From: Casey Schaufler

Prev by Date: Re: [PATCH v9] selinux: sidtab: reverse lookup hash table
Next by Date: Re: [PATCH v9] selinux: sidtab: reverse lookup hash table
Previous by thread: Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups
Next by thread: Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups
Index(es):
- Date
- Thread

[Index of Archives] [Selinux Refpolicy] [Linux SGX] [Fedora Users] [Fedora Desktop] [Yosemite Photos] [Yosemite Camping] [Yosemite Campsites] [KDE Users] [Gnome Users]