From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23F20C2D0C6 for ; Sat, 28 Dec 2019 11:11:20 +0000 (UTC) Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 71CEC20748 for ; Sat, 28 Dec 2019 11:11:19 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 71CEC20748 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=hallyn.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 47lLbm4ZqtzDqGg for ; Sat, 28 Dec 2019 22:11:16 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=mail.hallyn.com (client-ip=178.63.66.53; helo=mail.hallyn.com; envelope-from=serge@mail.hallyn.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=hallyn.com X-Greylist: delayed 324 seconds by postgrey-1.36 at bilbo; Sat, 28 Dec 2019 14:59:02 AEDT Received: from mail.hallyn.com (mail.hallyn.com [178.63.66.53]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 47l9120KsyzDqFD for ; Sat, 28 Dec 2019 14:59:00 +1100 (AEDT) Received: by mail.hallyn.com (Postfix, from userid 1001) id BA54465C; Fri, 27 Dec 2019 21:53:31 -0600 (CST) Date: Fri, 27 Dec 2019 21:53:31 -0600 From: "Serge E. Hallyn" To: Alexey Budankov Subject: Re: [PATCH v4 1/9] capabilities: introduce CAP_SYS_PERFMON to kernel and user space Message-ID: <20191228035331.GA16088@mail.hallyn.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.4 (2018-02-28) X-Mailman-Approved-At: Sat, 28 Dec 2019 22:09:11 +1100 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Song Liu , Peter Zijlstra , "joonas.lahtinen@linux.intel.com" , Will Deacon , Alexei Starovoitov , Stephane Eranian , "james.bottomley@hansenpartnership.com" , Paul Mackerras , Jiri Olsa , Andi Kleen , Igor Lubashev , James Morris , Alexander Shishkin , Ingo Molnar , oprofile-list@lists.sf.net, Serge Hallyn , Robert Richter , Kees Cook , Jann Horn , "selinux@vger.kernel.org" , "intel-gfx@lists.freedesktop.org" , "jani.nikula@linux.intel.com" , Arnaldo Carvalho de Melo , "rodrigo.vivi@intel.com" , Namhyung Kim , Thomas Gleixner , linux-arm-kernel@lists.infradead.org, Tvrtko Ursulin , "linux-parisc@vger.kernel.org" , linux-kernel , Lionel Landwerlin , "linux-perf-users@vger.kernel.org" , "linux-security-module@vger.kernel.org" , Casey Schaufler , "bpf@vger.kernel.org" , "linuxppc-dev@lists.ozlabs.org" Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" On Wed, Dec 18, 2019 at 12:24:28PM +0300, Alexey Budankov wrote: > > Introduce CAP_SYS_PERFMON capability devoted to secure system performance > monitoring and observability operations so that CAP_SYS_PERFMON would > assist CAP_SYS_ADMIN capability in its governing role for perf_events, > i915_perf and other subsystems of the kernel. > > CAP_SYS_PERFMON intends to harden system security and integrity during > system performance monitoring and observability operations by decreasing > attack surface that is available to CAP_SYS_ADMIN privileged processes. > > CAP_SYS_PERFMON intends to take over CAP_SYS_ADMIN credentials related > to system performance monitoring and observability operations and balance > amount of CAP_SYS_ADMIN credentials in accordance with the recommendations > provided in the man page for CAP_SYS_ADMIN [1]: "Note: this capability > is overloaded; see Notes to kernel developers, below." > > [1] http://man7.org/linux/man-pages/man7/capabilities.7.html > > Signed-off-by: Alexey Budankov Acked-by: Serge Hallyn