Re: [PATCH v7 02/12] perf/core: open access to the core for CAP_PERFMON... | linuxppc-dev

[PATCH v7 00/12] Introduce CAP_PERFMON to secure system performance monitoring and observability · Alexey Budankov <hidden> · 2020-02-17
[PATCH v7 01/12] capabilities: introduce CAP_PERFMON to kernel and user space · Alexey Budankov <hidden> · 2020-02-17
Re: [PATCH v7 01/12] capabilities: introduce CAP_PERFMON to kernel and user space · Stephen Smalley <hidden> · 2020-02-18
Re: [PATCH v7 01/12] capabilities: introduce CAP_PERFMON to kernel and user space · James Morris <jmorris@namei.org> · 2020-02-18
Re: [PATCH v7 01/12] capabilities: introduce CAP_PERFMON to kernel and user space · Alexey Budankov <hidden> · 2020-02-19
[PATCH v7 02/12] perf/core: open access to the core for CAP_PERFMON privileged process · Alexey Budankov <hidden> · 2020-02-17
Re: [PATCH v7 02/12] perf/core: open access to the core for CAP_PERFMON privileged process · James Morris <jmorris@namei.org> · 2020-02-18
[PATCH v7 03/12] perf/core: open access to probes for CAP_PERFMON privileged process · Alexey Budankov <hidden> · 2020-02-17
Re: [PATCH v7 03/12] perf/core: open access to probes for CAP_PERFMON privileged process · James Morris <jmorris@namei.org> · 2020-02-18
[PATCH v7 04/12] perf tool: extend Perf tool with CAP_PERFMON capability support · Alexey Budankov <hidden> · 2020-02-17
Re: [PATCH v7 04/12] perf tool: extend Perf tool with CAP_PERFMON capability support · James Morris <jmorris@namei.org> · 2020-02-18
[PATCH v7 05/12] drm/i915/perf: open access for CAP_PERFMON privileged process · Alexey Budankov <hidden> · 2020-02-17
Re: [PATCH v7 05/12] drm/i915/perf: open access for CAP_PERFMON privileged process · James Morris <jmorris@namei.org> · 2020-02-18
[PATCH v7 06/12] trace/bpf_trace: open access for CAP_PERFMON privileged process · Alexey Budankov <hidden> · 2020-02-17
Re: [PATCH v7 06/12] trace/bpf_trace: open access for CAP_PERFMON privileged process · James Morris <jmorris@namei.org> · 2020-02-18
[PATCH v7 07/12] powerpc/perf: open access for CAP_PERFMON privileged process · Alexey Budankov <hidden> · 2020-02-17
Re: [PATCH v7 07/12] powerpc/perf: open access for CAP_PERFMON privileged process · James Morris <jmorris@namei.org> · 2020-02-18
[PATCH v7 08/12] parisc/perf: open access for CAP_PERFMON privileged process · Alexey Budankov <hidden> · 2020-02-17
Re: [PATCH v7 08/12] parisc/perf: open access for CAP_PERFMON privileged process · James Morris <jmorris@namei.org> · 2020-02-18
[PATCH v7 09/12] drivers/perf: open access for CAP_PERFMON privileged process · Alexey Budankov <hidden> · 2020-02-17
Re: [PATCH v7 09/12] drivers/perf: open access for CAP_PERFMON privileged process · James Morris <jmorris@namei.org> · 2020-02-18
[PATCH v7 10/12] drivers/oprofile: open access for CAP_PERFMON privileged process · Alexey Budankov <hidden> · 2020-02-17
Re: [PATCH v7 10/12] drivers/oprofile: open access for CAP_PERFMON privileged process · James Morris <jmorris@namei.org> · 2020-02-18
[PATCH v7 11/12] doc/admin-guide: update perf-security.rst with CAP_PERFMON information · Alexey Budankov <hidden> · 2020-02-17
[PATCH v7 12/12] doc/admin-guide: update kernel.rst with CAP_PERFMON information · Alexey Budankov <hidden> · 2020-02-17
Re: [PATCH v7 00/12] Introduce CAP_PERFMON to secure system performance monitoring and observability · Alexey Budankov <hidden> · 2020-02-25
Re: [Intel-gfx] [PATCH v7 00/12] Introduce CAP_PERFMON to secure system performance monitoring and observability · Serge Hallyn <serge@hallyn.com> · 2020-03-02
Re: [Intel-gfx] [PATCH v7 00/12] Introduce CAP_PERFMON to secure system performance monitoring and observability · James Morris <jmorris@namei.org> · 2020-03-02
Re: [Intel-gfx] [PATCH v7 00/12] Introduce CAP_PERFMON to secure system performance monitoring and observability · James Morris <jmorris@namei.org> · 2020-03-26

Re: [PATCH v7 02/12] perf/core: open access to the core for CAP_PERFMON privileged process

From: James Morris <jmorris@namei.org>
Date: 2020-02-18 19:23:10
Also in: intel-gfx, linux-arm-kernel, linux-doc, linux-man, linux-security-module, lkml, selinux

On Mon, 17 Feb 2020, Alexey Budankov wrote:

Open access to monitoring of kernel code, cpus, tracepoints and
namespaces data for a CAP_PERFMON privileged process. Providing the
access under CAP_PERFMON capability singly, without the rest of
CAP_SYS_ADMIN credentials, excludes chances to misuse the credentials
and makes operation more secure.

CAP_PERFMON implements the principal of least privilege for performance
monitoring and observability operations (POSIX IEEE 1003.1e 2.2.2.39
principle of least privilege: A security design principle that states
that a process or program be granted only those privileges (e.g.,
capabilities) necessary to accomplish its legitimate function, and only
for the time that such privileges are actually required)

For backward compatibility reasons access to perf_events subsystem
remains open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN
usage for secure perf_events monitoring is discouraged with respect to
CAP_PERFMON capability.

Signed-off-by: Alexey Budankov <redacted>


Reviewed-by: James Morris <redacted>


-- 
James Morris
[off-list ref]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help