From: Alexey Budankov <alexey.budankov@linux.intel.com>
To: Peter Zijlstra <peterz@infradead.org>,
	Arnaldo Carvalho de Melo <acme@kernel.org>,
	Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>, Andi Kleen <ak@linux.intel.com>,
	elena.reshetova@intel.com,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Jann Horn <jannh@google.com>, Kees Cook <keescook@chromium.org>,
	Stephane Eranian <eranian@google.com>,
	Namhyung Kim <namhyung@kernel.org>,
	linux-security-module@vger.kernel.org, selinux@vger.kernel.org,
	linux-kernel <linux-kernel@vger.kernel.org>
Subject: [PATCH v1 1/3] capabilities: introduce CAP_SYS_PERFMON to kernel and user space
Date: Thu, 5 Dec 2019 19:19:51 +0300
Message-ID: <4ebe4d05-85c3-20dc-89a4-ed8f052d586e@linux.intel.com>
In-Reply-To: <283f09a5-33bd-eac3-bdfd-83d775045bf9@linux.intel.com>


Introduce the CAP_SYS_PERFMON capability dedicated to secure performance
monitoring activity so that CAP_SYS_PERFMON would assist the CAP_SYS_ADMIN
capability in its governing role for perf_events based performance
monitoring of a system.

CAP_SYS_PERFMON aims to harden system security and integrity during
performance monitoring by decreasing the attack surface that is available
to CAP_SYS_ADMIN privileged processes.

CAP_SYS_PERFMON aims to take over CAP_SYS_ADMIN credentials related to
the performance monitoring functionality of perf_events and balance the
amount of CAP_SYS_ADMIN credentials in accordance with the recommendations
provided in the man page for CAP_SYS_ADMIN [3]: "Note: this capability is
overloaded; see Notes to kernel developers, below."

Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
---
 include/uapi/linux/capability.h     | 10 +++++++++-
 security/selinux/include/classmap.h |  4 ++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
index 240fdb9a60f6..c9514f034be1 100644
--- a/include/uapi/linux/capability.h
+++ b/include/uapi/linux/capability.h
@@ -366,8 +366,16 @@ struct vfs_ns_cap_data {
 
 #define CAP_AUDIT_READ		37
 
+/*
+ * Allow usage of perf_event_open() syscall (perf_events subsystem):
+ * http://man7.org/linux/man-pages/man2/perf_event_open.2.html
+ * beyond the scope permitted by perf_event_paranoid kernel setting.
+ * See Documentation/admin-guide/perf-security.rst for more information.
+ */
+
+#define CAP_SYS_PERFMON		38
 
-#define CAP_LAST_CAP         CAP_AUDIT_READ
+#define CAP_LAST_CAP         CAP_SYS_PERFMON
 
 #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
 
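Review bot: The comment added above `#define CAP_SYS_PERFMON 38` sends readers to Documentation/admin-guide/perf-security.rst, but the diffstat shows this patch changing only capability.h and classmap.h, so with this patch applied on its own that document says nothing about the new capability. Either update perf-security.rst in this patch or make sure the series carries the documentation change. The comment also does not say whether CAP_SYS_ADMIN keeps granting the same perf_event_open() access; the commit message says CAP_SYS_PERFMON is meant to "assist" CAP_SYS_ADMIN, and one sentence to that effect in the header would tell user-space authors which capability to check or grant. Consider citing perf_event_open(2) by name rather than a man7.org URL, which can go stale in a UAPI header.
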
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 7db24855e12d..bae602c623b0 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -27,9 +27,9 @@
 	    "audit_control", "setfcap"
 
 #define COMMON_CAP2_PERMS  "mac_override", "mac_admin", "syslog", \
-		"wake_alarm", "block_suspend", "audit_read"
+		"wake_alarm", "block_suspend", "audit_read", "sys_perfmon"
 
-#if CAP_LAST_CAP > CAP_AUDIT_READ
+#if CAP_LAST_CAP > CAP_SYS_PERFMON
 #error New capability defined, please update COMMON_CAP2_PERMS.
 #endif
 
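Review bot: The new "sys_perfmon" entry in COMMON_CAP2_PERMS changes the SELinux permission set built from that macro, but the commit message describes only the UAPI capability and never mentions the classmap change. Please add a sentence on it, including how a loaded policy that does not define sys_perfmon is expected to behave when a task relies on CAP_SYS_PERFMON. The placement itself looks right: "sys_perfmon" follows "audit_read" in the same order that capability 38 follows CAP_AUDIT_READ 37, and the `#if CAP_LAST_CAP > CAP_SYS_PERFMON` guard is updated to match.
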
-- 
2.20.1


Thread overview: 18+ messages
2019-12-05 16:15 [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups Alexey Budankov
2019-12-05 16:19 ` Alexey Budankov [this message]
2019-12-05 16:21 ` [PATCH v1 2/3] perf/core: apply CAP_SYS_PERFMON to CPUs and kernel monitoring Alexey Budankov
2019-12-05 16:22 ` [PATCH v1 3/3] perf tool: extend Perf tool with CAP_SYS_PERFMON support Alexey Budankov
2019-12-05 16:49 ` [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups Casey Schaufler
2019-12-05 17:05   ` Alexey Budankov
2019-12-05 17:33     ` Casey Schaufler
2019-12-05 18:11       ` Andi Kleen
2019-12-05 18:37       ` Alexey Budankov
2019-12-11 10:52       ` Alexey Budankov
2019-12-11 15:24         ` Peter Zijlstra
2019-12-11 17:00           ` Alexey Budankov
2019-12-11 18:09         ` Casey Schaufler
2019-12-11 20:36           ` Andi Kleen
2019-12-11 21:25             ` Casey Schaufler
2019-12-12 14:24             ` Stephen Smalley
2019-12-15 11:53               ` Alexey Budankov
2019-12-11 19:04       ` Stephane Eranian
