RE: [PATCH 2/3] perf kvm: Allow running without stdin

> On Wed, Oct 23, 2019 at 6:43 AM Jiri Olsa wrote: > > On Tue, Oct 22, 2019 at 09:54:52PM -0400, Igor Lubashev wrote: > > Allow perf kvm --stdio to run without access to stdin. > > This lets perf kvm to run in a batch mode until interrupted. > > > > The following now works as expected: > > > >

RE: Patch "perf ftrace: Use CAP_SYS_ADMIN instead of euid==0" has been added to the 5.3-stable tree

> On Thu, Oct 3, 2019 at 3:50 AM Greg KH wrote: > Sent: Thursday, October 3, 2019 3:50 AM > > On Tue, Oct 01, 2019 at 01:15:54PM -0400, Sasha Levin wrote: > > This is a note to let you know that I've just added the patch titled > > > > perf ftrace: Use CAP_SYS_ADMIN instead of euid==0 > > >

RE: [PATCH v3 3/4] perf: Use CAP_SYSLOG with kptr_restrict checks

On Tue, August 20, 2019 at 1:14 PM Arnaldo Carvalho de Melo wrote: > > Arnaldo, once we decide what the right fix is, I am happy to post the > update (options 1, 1+2) as a patch series. > > I think you should get the checks for ref_reloc_sym in place so as to make the > code overall more

RE: [PATCH v3 3/4] perf: Use CAP_SYSLOG with kptr_restrict checks

On Mon, August 19, 2019 at 12:51 PM Mathieu Poirier wrote: > On Thu, 15 Aug 2019 at 15:42, Arnaldo Carvalho de Melo > wrote: > > > > Em Thu, Aug 15, 2019 at 02:16:48PM -0600, Mathieu Poirier escreveu: > > > On Wed, 14 Aug 2019 at 14:02, Lubashev, Igor > wrote: &g

RE: [PATCH v3 3/4] perf: Use CAP_SYSLOG with kptr_restrict checks

On Thu, August 15, 2019 at 4:17 PM Mathieu Poirier wrote: > On Wed, 14 Aug 2019 at 14:02, Lubashev, Igor > wrote: > > > > > On Wed, August 14, 2019 at 2:52 PM Arnaldo Carvalho de Melo > wrote: > > > Em Wed, Aug 14, 2019 at 03:48:14PM -0300, Arnaldo Carvalho d

RE: [PATCH v3 3/4] perf: Use CAP_SYSLOG with kptr_restrict checks

> On Wed, August 14, 2019 at 2:52 PM Arnaldo Carvalho de Melo > wrote: > Em Wed, Aug 14, 2019 at 03:48:14PM -0300, Arnaldo Carvalho de Melo > escreveu: > > Em Wed, Aug 14, 2019 at 12:04:33PM -0600, Mathieu Poirier escreveu: > > > # echo 0 > /proc/sys/kernel/kptr_restrict # ./tools/perf/perf

RE: [PATCH v3 2/4] perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks

On Mon, August 12, 2019 at 4:16 PM Arnaldo Carvalho de Melo wrote: > Em Mon, Aug 12, 2019 at 05:01:34PM -0300, Arnaldo Carvalho de Melo > escreveu: > > Em Wed, Aug 07, 2019 at 10:44:15AM -0400, Igor Lubashev escreveu: > > > +++ b/tools/perf/util/evsel.c > > > @@ -279,7 +279,7 @@ struct evsel

RE: [PATCH v2 2/4] perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks

On Wed, August 7 at 2019 7:46 AM Jiri Olsa wrote: > On Tue, Aug 06, 2019 at 11:35:55PM -0400, Igor Lubashev wrote: > > The kernel is using CAP_SYS_ADMIN instead of euid==0 to override > > perf_event_paranoid check. Make perf do the same. > > > > Signed-off-by: Igor Lubashev > > --- > >

RE: [PATCH 1/3] perf: Add capability-related utilities

On Wed, July 17 at 2019 7:47 PM Arnaldo Carvalho de Melo wrote: > Em Wed, Jul 17, 2019 at 06:05:51PM -0300, Arnaldo Carvalho de Melo > escreveu: > > Em Tue, Jul 16, 2019 at 10:46:43AM +0200, Jiri Olsa escreveu: > > > On Tue, Jul 02, 2019 at 08:10:03PM -0400, Igor Lubashev wrote: > > > > Add

RE: [PATCH 1/3] perf: Add capability-related utilities

Thanks for the suggestion! I'll try to add a test for libcap to the patch series as v2 of the series. Probably not next week, though (IETF week). - Igor > On Wed, July 17, 2019 7:47 PM Arnaldo Carvalho de Melo wrote: > > Em Wed, Jul 17, 2019 at 06:05:51PM -0300, Arnaldo Carvalho de Melo

RE: [PATCH 2/3] perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks

> On Wednesday, July 17, 2019 3:10 AM Jiri Olsa wrote: > On Tue, Jul 16, 2019 at 05:01:26PM +, Lubashev, Igor wrote: > > I could add another patch to the series for that. Any suggestion for what > capability to check for here? > > it's: > > if (geteuid() !=

RE: [PATCH 2/3] perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks

I could add another patch to the series for that. Any suggestion for what capability to check for here? (There is always an alternative to not check for anything and let the kernel refuse to perform actions that the user does not have permissions to perform.) - Igor -Original

RE: [RFC PATCH 0/1] security: add SECURE_KEEP_FSUID to preserve fsuid/fsgid across execve

> From: James Morris on Friday, June 14, 2019 11:54 PM: > On Sat, 15 Jun 2019, Lubashev, Igor wrote: > > > Unfortunately, perf is using uid==0 and euid==0 as a "capability bits". > > > > > > In tools/perf/util/evsel.c: > >

RE: [RFC PATCH 0/1] security: add SECURE_KEEP_FSUID to preserve fsuid/fsgid across execve

> On Friday, June 14, 2019, James Morris wrote: > On Thu, 13 Jun 2019, Igor Lubashev wrote: > > > I've posted this in March but received no response. Reposting. > > > > This patch introduces SECURE_KEEP_FSUID to allow fsuid/fsgid to be > > preserved across execve. It is currently impossible to

RE: xt_hashlimig build error (was Re: [RFC 01/17] x86/asm/64: Remove the restore_c_regs_and_iret label)

turn r; } -Original Message- From: Vishwanath Pai [mailto:v...@akamai.com] Sent: Thursday, September 07, 2017 4:17 PM To: Linus Torvalds <torva...@linux-foundation.org> Cc: Ingo Molnar <mi...@kernel.org>; Lubashev, Igor <iluba...@akamai.com>; Hunt, Joshua <joh...@aka

RE: xt_hashlimig build error (was Re: [RFC 01/17] x86/asm/64: Remove the restore_c_regs_and_iret label)

turn r; } -Original Message- From: Vishwanath Pai [mailto:v...@akamai.com] Sent: Thursday, September 07, 2017 4:17 PM To: Linus Torvalds Cc: Ingo Molnar ; Lubashev, Igor ; Hunt, Joshua ; Pablo Neira Ayuso ; Borislav Petkov ; Andy Lutomirski ; the arch/x86 maintainers ; Linux Kernel M