From mboxrd@z Thu Jan 1 00:00:00 1970 From: Anju T Sudhakar Subject: Re: [PATCH v5 07/10] powerpc/perf: open access for CAP_PERFMON privileged process Date: Wed, 22 Jan 2020 16:32:00 +0530 Message-ID: References: <0548c832-7f4b-dc4c-8883-3f2b6d351a08@linux.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: Content-Language: en-US List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=m.gmane-mx.org@lists.infradead.org To: Alexey Budankov Cc: Mark Rutland , Song Liu , Peter Zijlstra , "benh@kernel.crashing.org" , "joonas.lahtinen@linux.intel.com" , Will Deacon , Alexei Starovoitov , Stephane Eranian , "james.bottomley@hansenpartnership.com" , Paul Mackerras , Jiri Olsa , Andi Kleen , Michael Ellerman , Igor Lubashev , James Morris , Alexander Shishkin , Ingo Molnar , oprofile-list@lists.sf.net, Serge Hallyn , Robert Richter , "selinux@vger.kernel.org" , intel-gfx List-Id: linux-perf-users.vger.kernel.org On 1/20/20 5:00 PM, Alexey Budankov wrote: > Open access to monitoring for CAP_PERFMON privileged processes. > For backward compatibility reasons access to the monitoring remains > open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage > for secure monitoring is discouraged with respect to CAP_PERFMON > capability. Providing the access under CAP_PERFMON capability singly, > without the rest of CAP_SYS_ADMIN credentials, excludes chances to > misuse the credentials and makes the operations more secure. > > Signed-off-by: Alexey Budankov > --- Acked-by: Anju T Sudhakar