Date: Thu, 5 Dec 2019 10:11:55 -0800
From: Andi Kleen
To: Casey Schaufler
Cc: Alexey Budankov, Peter Zijlstra, Arnaldo Carvalho de Melo, Ingo Molnar, Jiri Olsa, elena.reshetova@intel.com, Alexander Shishkin, Jann Horn, Kees Cook, Stephane Eranian, Namhyung Kim, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kernel
Subject: Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups
Message-ID: <20191205181155.GB723068@tassilo.jf.intel.com>

> The question isn't whether the tool could use the capability, it's whether
> the tool would also need CAP_SYS_ADMIN to be useful. Are there existing
> tools that could stop using CAP_SYS_ADMIN in favor of CAP_SYS_PERFMON?
> My bet is that any tool that does performance monitoring is going to need
> CAP_SYS_ADMIN for other reasons.

At least perf stat won't.

-Andi