RE: [PATCH 2/3] perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks

From: Lubashev, Igor
Date: Tue Jul 16 2019 - 13:02:07 EST


I could add another patch to the series for that. Any suggestion for what capability to check for here?

(There is always an alternative to not check for anything and let the kernel refuse to perform actions that the user does not have permissions to perform.)

- Igor

-----Original Message-----
From: Jiri Olsa <jolsa@xxxxxxxxxx>
Sent: Tuesday, July 16, 2019 4:48 AM
Subject: Re: [PATCH 2/3] perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks

On Tue, Jul 02, 2019 at 08:10:04PM -0400, Igor Lubashev wrote:
> The kernel is using CAP_SYS_ADMIN instead of euid==0 to override
> perf_event_paranoid check. Make perf do the same.

I see another geteuid check in __cmd_ftrace,
perhaps we should cover this one as well

jirka
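
The difference between the two checks named in the quoted commit message (euid==0 versus CAP_SYS_ADMIN), as an added example that is not part of this thread or of perf's source. The helper names (`eff_caps`, `cap_in_set`, `privileged_by_euid`, `privileged_by_cap`, `kernel_profiling_allowed`) are hypothetical, and the meaning of perf_event_paranoid level 2 is taken from the kernel sysctl documentation rather than from the thread.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Effective capability set as the two 32-bit words capget(2) v3 returns. */
struct eff_caps { unsigned int lo, hi; };

/* Is capability number `cap` present in the effective set `e`? */
static bool cap_in_set(struct eff_caps e, int cap)
{
    unsigned int word = cap < 32 ? e.lo : e.hi;
    return (word >> (cap & 31)) & 1u;
}

/* Old check: "privileged" means effective UID 0. */
static bool privileged_by_euid(uid_t euid) { return euid == 0; }
/* Check from the commit message: CAP_SYS_ADMIN is in the effective set. */
static bool privileged_by_cap(struct eff_caps e) { return cap_in_set(e, CAP_SYS_ADMIN); }

/* Assumption (kernel sysctl docs): paranoid >= 2 denies kernel profiling
 * to unprivileged callers; a privileged caller overrides the level. */
static bool kernel_profiling_allowed(int paranoid, bool privileged)
{
    return paranoid < 2 || privileged;
}

/* Read this process's effective set with the raw capget(2) syscall. */
static int read_eff_caps(struct eff_caps *out)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    out->lo = data[0].effective;
    out->hi = data[1].effective;
    return 0;
}

int main(void)
{
    struct eff_caps e;
    if (read_eff_caps(&e) != 0) { perror("capget"); return 1; }
    printf("euid==0: %d  CAP_SYS_ADMIN: %d  kernel profiling at level 2: %d\n",
           privileged_by_euid(geteuid()), privileged_by_cap(e),
           kernel_profiling_allowed(2, privileged_by_cap(e)));
    return 0;
}
```

The two checks diverge in both directions: a root process that has dropped CAP_SYS_ADMIN passes the euid test but not the capability test, and a non-root process granted CAP_SYS_ADMIN does the opposite.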