From: Andi Kleen <ak@linux.intel.com>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: Alexey Budankov <alexey.budankov@linux.intel.com>,
Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>, Jiri Olsa <jolsa@redhat.com>,
elena.reshetova@intel.com,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jann Horn <jannh@google.com>, Kees Cook <keescook@chromium.org>,
Stephane Eranian <eranian@google.com>,
Namhyung Kim <namhyung@kernel.org>,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups
Date: Wed, 11 Dec 2019 12:36:48 -0800 [thread overview]
Message-ID: <20191211203648.GA862919@tassilo.jf.intel.com> (raw)
In-Reply-To: <16e9e399-2ebf-261f-eee5-cf9ace2a82b9@schaufler-ca.com>
> > In this circumstances CAP_SYS_PERFMON looks like smart balanced advancement that
> > trade-offs between perf_events subsystem extensions, required level of control
> > and configurability of perf_events, existing users adoption effort, and it brings
> > security hardening benefits of decreasing attack surface for the existing users
> > and use cases.
>
> I'm not 100% opposed to CAP_SYS_PERFMON. I am 100% opposed to new capabilities
> that have a single use. Surely there are other CAP_SYS_ADMIN users that [cs]ould
> be converted to CAP_SYS_PERFMON as well. If there is a class of system performance
> privileged operations, say a dozen or so, you may have a viable argument.
perf events is not a single use. It has a bazillion of sub functionalities,
including hardware tracing, software tracing, pmu counters, software counters,
uncore counters, break points and various other stuff in its PMU drivers.
See it more as a whole quite heterogenous driver subsystem.
I guess CAP_SYS_PERFMON is not a good name because perf is much more
than just Perfmon. Perhaps call it CAP_SYS_PERF_EVENTS
-Andi
next prev parent reply other threads:[~2019-12-11 20:36 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-05 16:15 [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups Alexey Budankov
2019-12-05 16:19 ` [PATCH v1 1/3] capabilities: introduce CAP_SYS_PERFMON to kernel and user space Alexey Budankov
2019-12-05 16:21 ` [PATCH v1 2/3] perf/core: apply CAP_SYS_PERFMON to CPUs and kernel monitoring Alexey Budankov
2019-12-05 16:22 ` [PATCH v1 3/3] perf tool: extend Perf tool with CAP_SYS_PERFMON support Alexey Budankov
2019-12-05 16:49 ` [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups Casey Schaufler
2019-12-05 17:05 ` Alexey Budankov
2019-12-05 17:33 ` Casey Schaufler
2019-12-05 18:11 ` Andi Kleen
2019-12-05 18:37 ` Alexey Budankov
2019-12-11 10:52 ` Alexey Budankov
2019-12-11 15:24 ` Peter Zijlstra
2019-12-11 17:00 ` Alexey Budankov
2019-12-11 18:09 ` Casey Schaufler
2019-12-11 20:36 ` Andi Kleen [this message]
2019-12-11 21:25 ` Casey Schaufler
2019-12-12 14:24 ` Stephen Smalley
2019-12-15 11:53 ` Alexey Budankov
2019-12-11 19:04 ` Stephane Eranian
-- strict thread matches above, loose matches on Subject: below --
2019-12-05 15:41 Alexey Budankov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191211203648.GA862919@tassilo.jf.intel.com \
--to=ak@linux.intel.com \
--cc=acme@kernel.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=alexey.budankov@linux.intel.com \
--cc=casey@schaufler-ca.com \
--cc=elena.reshetova@intel.com \
--cc=eranian@google.com \
--cc=jannh@google.com \
--cc=jolsa@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.