Re: [PATCH 2/3] perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks

From: Jiri Olsa
Date: Wed Jul 17 2019 - 03:10:36 EST


On Tue, Jul 16, 2019 at 05:01:26PM +0000, Lubashev, Igor wrote:
> I could add another patch to the series for that. Any suggestion for what capability to check for here?

it's:

	if (geteuid() != 0) {
		pr_err("ftrace only works for root!\n");
		return -1;
	}

so I think check for CAP_SYS_ADMIN should be fine in here

jirka

>
> (There is always an alternative to not check for anything and let the kernel refuse to perform actions that the user does not have permissions to perform.)
>
> - Igor
>
> -----Original Message-----
> From: Jiri Olsa <jolsa@xxxxxxxxxx>
> Sent: Tuesday, July 16, 2019 4:48 AM
> Subject: Re: [PATCH 2/3] perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks
>
> On Tue, Jul 02, 2019 at 08:10:04PM -0400, Igor Lubashev wrote:
> > The kernel is using CAP_SYS_ADMIN instead of euid==0 to override
> > perf_event_paranoid check. Make perf do the same.
>
> I see another geteuid check in __cmd_ftrace,
> perhaps we should cover this one as well
>
> jirka
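
The substitution discussed in this thread, as an added example that is not part of the original message or of the perf sources: gate on the effective CAP_SYS_ADMIN bit instead of on euid. It assumes Linux and the raw capget(2) syscall rather than libcap; has_effective_cap() and ftrace_allowed() are hypothetical names.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Test one capability bit in the two 32-bit words capget(2) fills in. */
static int cap_bit_set(const struct __user_cap_data_struct d[2], int cap)
{
	return (d[CAP_TO_INDEX(cap)].effective & CAP_TO_MASK(cap)) != 0;
}

/* 1 if the calling process holds `cap` in its effective set, 0 if not,
 * -1 if the capability set could not be read. */
static int has_effective_cap(int cap)
{
	struct __user_cap_header_struct hdr = {
		.version = _LINUX_CAPABILITY_VERSION_3,
		.pid = 0,			/* 0 = calling process */
	};
	struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3] = { { 0 } };

	if (syscall(SYS_capget, &hdr, data) != 0)
		return -1;
	return cap_bit_set(data, cap);
}

/* Hypothetical replacement for the geteuid() gate quoted above: ask for
 * CAP_SYS_ADMIN, and fall back to the old euid test only when the
 * capability set cannot be queried. */
static int ftrace_allowed(void)
{
	int r = has_effective_cap(CAP_SYS_ADMIN);

	if (r < 0)
		r = (geteuid() == 0);
	return r;
}

int main(void)
{
	if (!ftrace_allowed()) {
		fprintf(stderr, "ftrace requires CAP_SYS_ADMIN\n");
		return 1;
	}
	puts("CAP_SYS_ADMIN is in the effective set");
	return 0;
}
```

The two tests disagree in both directions: a root process whose capability set has been reduced (for example in a container) passes the euid test without holding CAP_SYS_ADMIN, and a non-root process granted the capability fails it.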