Hi Namhyung,

On 04.04.2020 5:18, Namhyung Kim wrote:
> Hello,
>
> On Thu, Apr 2, 2020 at 5:47 PM Alexey Budankov
> <alexey.budan...@linux.intel.com> wrote:
>>
>>
>> Extend error messages to mention CAP_PERFMON capability as an option
>> to substitute CAP_SYS_ADMIN capability for secure system performance
>> monitoring and observability operations. Make perf_event_paranoid_check()
>> and __cmd_ftrace() to be aware of CAP_PERFMON capability.
>>
>> CAP_PERFMON implements the principle of least privilege for performance
>> monitoring and observability operations (POSIX IEEE 1003.1e 2.2.2.39
>> principle of least privilege: A security design principle that states
>> that a process or program be granted only those privileges (e.g.,
>> capabilities) necessary to accomplish its legitimate function, and only
>> for the time that such privileges are actually required)
>>
>> For backward compatibility reasons access to perf_events subsystem remains
>> open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage for
>> secure perf_events monitoring is discouraged with respect to CAP_PERFMON
>> capability.
>>
>> Signed-off-by: Alexey Budankov <alexey.budan...@linux.intel.com>
>> Reviewed-by: James Morris <jamor...@linux.microsoft.com>
>
> Acked-by: Namhyung Kim <namhy...@kernel.org>

Thanks! I appreciate your involvement and effort.

~Alexey

>
> Thanks
> Namhyung
>
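
To illustrate the CAP_PERFMON versus CAP_SYS_ADMIN distinction drawn in the commit message above, the following C program is an added example, not code from the patch or from perf: it classifies a process from the CapEff mask in `/proc/<pid>/status` text, flagging CAP_SYS_ADMIN as the discouraged case. The function and enum names are hypothetical and the status text is constructed; 21 and 38 are the values of CAP_SYS_ADMIN and CAP_PERFMON in `<linux/capability.h>`.

```c
/* Added example: audit perf_events privilege from a CapEff mask. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_ADMIN_BIT 21 /* value from <linux/capability.h> */
#define CAP_PERFMON_BIT   38 /* value from <linux/capability.h> */

/* Hypothetical classification used only in this example. */
enum perf_priv { PERF_PRIV_NONE, PERF_PRIV_PERFMON, PERF_PRIV_SYS_ADMIN };

/* Find the "CapEff:" line at the start of a line and parse its hex mask.
 * Returns 0 on success, -1 if the line is absent or carries no value. */
int parse_cap_eff(const char *status, uint64_t *mask)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            const char *q = p + 7;
            while (*q == ' ' || *q == '\t')
                q++;
            /* Reject an empty value so strtoull cannot run into the next line. */
            if (!isxdigit((unsigned char)*q))
                return -1;
            *mask = strtoull(q, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return -1;
}

/* CAP_SYS_ADMIN is reported first: it is the over-privileged case to flag. */
enum perf_priv classify_perf_priv(uint64_t cap_eff)
{
    if (cap_eff & (1ULL << CAP_SYS_ADMIN_BIT))
        return PERF_PRIV_SYS_ADMIN;
    if (cap_eff & (1ULL << CAP_PERFMON_BIT))
        return PERF_PRIV_PERFMON;
    return PERF_PRIV_NONE;
}

int main(void)
{
    /* Constructed sample: only bit 38 (CAP_PERFMON) is set. */
    const char *sample = "Name:\tperf\nCapEff:\t0000004000000000\n";
    const char *names[] = { "none", "CAP_PERFMON", "CAP_SYS_ADMIN (discouraged)" };
    uint64_t mask;
    if (parse_cap_eff(sample, &mask) == 0)
        printf("sample: %s\n", names[classify_perf_priv(mask)]);
    return 0;
}
```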