Subject: Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups
From: Alexey Budankov
Organization: Intel Corp.
Date: Wed, 11 Dec 2019 20:00:07 +0300
To: Peter Zijlstra
Cc: Casey Schaufler, Arnaldo Carvalho de Melo, Ingo Molnar, Jiri Olsa, Andi Kleen, elena.reshetova@intel.com, Alexander Shishkin, Jann Horn, Kees Cook, Stephane Eranian, Namhyung Kim, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kernel
Message-ID: <72d0dabb-ebd1-f071-6167-1fa935c0a09c@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 11.12.2019 18:24, Peter Zijlstra wrote:
> On Wed, Dec 11, 2019 at 01:52:15PM +0300, Alexey Budankov wrote:
>> Undoubtedly, SELinux is the powerful, mature, whole level of functionality that
>> could provide benefits not only for perf_events subsystem. However perf_events
>> is built around capabilities to provide access control to its functionality,
>> thus perf_events would require considerable rework prior it could be controlled
>> thru SELinux.
>
> You mean this:
>
>   da97e18458fb ("perf_event: Add support for LSM and SELinux checks")
>
> ?

Yes, I do. This feature greatly adds up into MAC access control [1], [2] for
perf_events, in addition to the already existing DAC [3]. However, there is still
the whole other part of the MAC story on the user space side.

Fortunately, MAC and DAC access control mechanisms are designed in a way that they
are naturally layered and coexist in the system, so I don't see any contradiction in
advancing either mechanism to meet the demand of possible diverse use cases.

There is not much rationale in providing favor to one or the other mechanism because
together they constitute complete integrity of security access control and
configurability for diverse use cases of perf_events.

>
>> Then the adoption could also require changes to the installed
>> infrastructure just for the sake of adopting alternative access control mechanism.
>
> This is still very much true.

It is just enough to imagine some HPC cluster or Cloud lab with several hundreds
of nodes to be upgraded.

Thanks,
Alexey

[1] https://en.wikipedia.org/wiki/Security-Enhanced_Linux
[2] https://en.wikipedia.org/wiki/Mandatory_access_control
[3] https://en.wikipedia.org/wiki/Discretionary_access_control