From: "Serge E. Hallyn" <serge@hallyn.com>
To: Jordan Rome <linux@jordanrome.com>
Cc: linux-security-module@vger.kernel.org,
linux-trace-kernel@vger.kernel.org,
Andrii Nakryiko <andrii@kernel.org>,
Kernel Team <kernel-team@fb.com>, Serge Hallyn <serge@hallyn.com>,
Yonghong Song <yonghong.song@linux.dev>
Subject: Re: [v4] security: add trace event for cap_capable
Date: Wed, 30 Oct 2024 15:59:17 -0500 [thread overview]
Message-ID: <20241030205917.GA160675@mail.hallyn.com> (raw)
In-Reply-To: <20241030013314.2188163-1-linux@jordanrome.com>
On Tue, Oct 29, 2024 at 06:33:14PM -0700, Jordan Rome wrote:
> In cases where we want a stable way to observe/trace
> cap_capable (e.g. protection from inlining and API updates)
> add a tracepoint that passes:
> - The credentials used
> - The user namespace of the resource being accessed
> - The user namespace in which the credential provides the
> capability to access the targeted resource
> - The capability to check for
> - Bitmask of options defined in include/linux/security.h
> - The return value of the check
>
> Signed-off-by: Jordan Rome <linux@jordanrome.com>
Thanks, applied to https://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux.git/log/?h=v6.12-rc1%2bcaps
prev parent reply other threads:[~2024-10-30 20:59 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-30 1:33 [v4] security: add trace event for cap_capable Jordan Rome
2024-10-30 3:18 ` Serge E. Hallyn
2024-10-30 10:16 ` Jordan Rome
2024-10-30 15:30 ` Serge E. Hallyn
2024-10-30 20:59 ` Serge E. Hallyn [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241030205917.GA160675@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=andrii@kernel.org \
--cc=kernel-team@fb.com \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=linux@jordanrome.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).