Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp526131ybv; Wed, 5 Feb 2020 09:39:48 -0800 (PST) X-Google-Smtp-Source: APXvYqylxZXmeWsbgaLVKK0TGbu3k6GAmUYxz+a8TJLbYaRLLm3m5uX4VrIYrdSJ7TjyYfcShODS X-Received: by 2002:a9d:7305:: with SMTP id e5mr25656901otk.64.1580924388177; Wed, 05 Feb 2020 09:39:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580924388; cv=none; d=google.com; s=arc-20160816; b=ZC0rlKJrTpTrIY1jMjcPVwqnX3E8zAuQBb7ZMtZq37JkDLnCwwCBkVkiuFg8HYeFFj bN++AdsW9sKFRxCgTomqJ6cszCrMVeFHRI7oUR9jSaHsmRFz+TnmDDCT9GUOs6cnXBIg yCZpAmwDvaZvWgDRjRlueJE3WlDVIXoZGv7eJlZeswGV/zpfIyFBns9s/JnfhjkD2Hh3 6GYI6JlO/vxX5G8bvk1WsZaqkU9d+aP7eKOl0thIdf5G3OvR+3eoizMYUjDbkqK2/GGn a+npL2T4q4lpFeXJO7N3AOGwQYEXkyCN1//fJqUTwsXgy4uU4l3UCj8iaErKePNJH2Sj RdEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:organization:references:cc:to:from:subject; bh=x60lxbWpTN9HPfHhL4HJBegMvu2tSon9h58gyfvgFUg=; b=PCvhQsgSYk335np/RatqZD0LDRicV2cS7NnH72Px/aIHbezlOB9RwihfmuWlGD0QPd lJ9/6ebVd8jISklOt9NcFS5wKfBy3HeQxF4wHQj5jRO/2kgPMo3bFYDKTZpnwwgNH6gN z6oZLvYLhQWFJqS15AmruPXShSwl0P6vZxaJvpxNvqum4/TtZYJhO2A6GhlNmynVNROt kTb3ZaQu0UloBMsquMyrM4E0ulhxE7Z9wBndDHcmqnxy1sdqxT4E01vmRcDuyACfR7R9 teOt7N/ezubZDv2BJ/ZaFqtYIUVjl8nddWIwTRWFKYbQEa4hc81d2d1IGxZG7cRgCaW3 1IZg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e8si368440oie.96.2020.02.05.09.39.35; Wed, 05 Feb 2020 09:39:48 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727309AbgBERhZ (ORCPT + 99 others); Wed, 5 Feb 2020 12:37:25 -0500 Received: from mga04.intel.com ([192.55.52.120]:18640 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726678AbgBERhZ (ORCPT ); Wed, 5 Feb 2020 12:37:25 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Feb 2020 09:37:25 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,406,1574150400"; d="scan'208";a="225024006" Received: from linux.intel.com ([10.54.29.200]) by fmsmga007.fm.intel.com with ESMTP; 05 Feb 2020 09:37:24 -0800 Received: from [10.252.5.149] (abudanko-mobl.ccr.corp.intel.com [10.252.5.149]) by linux.intel.com (Postfix) with ESMTP id 77F3C5802BC; Wed, 5 Feb 2020 09:37:17 -0800 (PST) Subject: [PATCH v6 10/10] drivers/oprofile: open access for CAP_PERFMON privileged process From: Alexey Budankov To: James Morris , Serge Hallyn , Stephen Smalley , Peter Zijlstra , Arnaldo Carvalho de Melo , Ingo Molnar , "joonas.lahtinen@linux.intel.com" , Alexei Starovoitov , Will Deacon , Paul Mackerras , Michael Ellerman Cc: Andi Kleen , Thomas Gleixner , Stephane Eranian , Igor Lubashev , Jiri Olsa , linux-kernel , "intel-gfx@lists.freedesktop.org" , "linux-security-module@vger.kernel.org" , "selinux@vger.kernel.org" , linux-arm-kernel , "linuxppc-dev@lists.ozlabs.org" , "linux-parisc@vger.kernel.org" , oprofile-list@lists.sf.net References: <576a6141-36d4-14c0-b395-8d195892b916@linux.intel.com> Organization: Intel Corp. Message-ID: Date: Wed, 5 Feb 2020 20:37:16 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.4.2 MIME-Version: 1.0 In-Reply-To: <576a6141-36d4-14c0-b395-8d195892b916@linux.intel.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Open access to monitoring for CAP_PERFMON privileged process. Providing the access under CAP_PERFMON capability singly, without the rest of CAP_SYS_ADMIN credentials, excludes chances to misuse the credentials and makes operation more secure. CAP_PERFMON implements the principal of least privilege for performance monitoring and observability operations (POSIX IEEE 1003.1e 2.2.2.39 principle of least privilege: A security design principle that states that a process or program be granted only those privileges (e.g., capabilities) necessary to accomplish its legitimate function, and only for the time that such privileges are actually required) For backward compatibility reasons access to the monitoring remains open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage for secure monitoring is discouraged with respect to CAP_PERFMON capability. Signed-off-by: Alexey Budankov --- drivers/oprofile/event_buffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/oprofile/event_buffer.c b/drivers/oprofile/event_buffer.c index 12ea4a4ad607..6c9edc8bbc95 100644 --- a/drivers/oprofile/event_buffer.c +++ b/drivers/oprofile/event_buffer.c @@ -113,7 +113,7 @@ static int event_buffer_open(struct inode *inode, struct file *file) { int err = -EPERM; - if (!capable(CAP_SYS_ADMIN)) + if (!perfmon_capable()) return -EPERM; if (test_and_set_bit_lock(0, &buffer_opened)) -- 2.20.1