diff options
| author | Alexey Budankov <alexey.budankov@linux.intel.com> | 2020-10-19 19:16:49 +0200 |
|---|---|---|
| committer | Arnaldo Carvalho de Melo <acme@redhat.com> | 2020-11-04 13:42:40 +0100 |
| commit | 4cb3fb1cd96f9e9a2c5095db42c2d7adbd5c5af9 (patch) | |
| tree | 25dbba6d56b94690570cd2ad1d44191b95838330 /Documentation/admin-guide | |
| parent | Merge tag 'perf-tools-for-v5.10-2020-11-03' of git://git.kernel.org/pub/scm/l... (diff) | |
| download | linux-4cb3fb1cd96f9e9a2c5095db42c2d7adbd5c5af9.tar.xz linux-4cb3fb1cd96f9e9a2c5095db42c2d7adbd5c5af9.zip | |
doc/admin-guide: Note credentials consolidation under CAP_PERFMON
Add note that starting from Linux v5.9 CAP_PERFMON Linux capability is
enough to conduct performance monitoring and observability using
perf_events API.
Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: linux-doc@vger.kernel.org
Cc: linux-man@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Link: http://lore.kernel.org/lkml/2b1a92a1-84ce-5c70-837d-8ffe96849588@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Diffstat (limited to 'Documentation/admin-guide')
| -rw-r--r-- | Documentation/admin-guide/perf-security.rst | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/Documentation/admin-guide/perf-security.rst b/Documentation/admin-guide/perf-security.rst index 1307b5274a0f..57a65e27eeb9 100644 --- a/Documentation/admin-guide/perf-security.rst +++ b/Documentation/admin-guide/perf-security.rst @@ -84,11 +84,14 @@ capabilities then providing the process with CAP_PERFMON capability singly is recommended as the preferred secure approach to resolve double access denial logging related to usage of performance monitoring and observability. -Unprivileged processes using perf_events system call are also subject -for PTRACE_MODE_READ_REALCREDS ptrace access mode check [7]_ , whose -outcome determines whether monitoring is permitted. So unprivileged -processes provided with CAP_SYS_PTRACE capability are effectively -permitted to pass the check. +Prior Linux v5.9 unprivileged processes using perf_events system call +are also subject for PTRACE_MODE_READ_REALCREDS ptrace access mode check +[7]_ , whose outcome determines whether monitoring is permitted. +So unprivileged processes provided with CAP_SYS_PTRACE capability are +effectively permitted to pass the check. Starting from Linux v5.9 +CAP_SYS_PTRACE capability is not required and CAP_PERFMON is enough to +be provided for processes to make performance monitoring and observability +operations. Other capabilities being granted to unprivileged processes can effectively enable capturing of additional data required for later |