From: Thomas Gleixner
To: Alexey Budankov, Stephen Smalley, Serge Hallyn, James Morris
Cc: Alexei Starovoitov, Peter Zijlstra, Arnaldo Carvalho de Melo,
    Ingo Molnar, "jani.nikula@linux.intel.com",
    "joonas.lahtinen@linux.intel.com", "rodrigo.vivi@intel.com",
    "benh@kernel.crashing.org", Paul Mackerras, Michael Ellerman,
    Will Deacon, Mark Rutland, Robert Richter, Alexei Starovoitov,
    Jiri Olsa, Andi Kleen, Stephane Eranian, Igor Lubashev,
    Alexander Shishkin, Namhyung Kim, Song Liu, Lionel Landwerlin,
    linux-kernel, "linux-security-module@vger.kernel.org",
    "selinux@vger.kernel.org", "intel-gfx@lists.freedesktop.org",
    "linux-parisc@vger.kernel.org", "linuxppc-dev@lists.ozlabs.org",
    linux-arm-kernel, "linux-perf-users@vger.kernel.org",
    oprofile-list@lists.sf.net, Andy Lutomirski
Subject: Re: [PATCH v5 01/10] capabilities: introduce CAP_PERFMON to kernel and user space
In-Reply-To: <2b608e26-354b-3df9-aea9-58e56dc0c5e5@linux.intel.com>
Date: Fri, 07 Feb 2020 11:38:11 +0000
Message-ID: <875zgizkyk.fsf@nanos.tec.linutronix.de>

Alexey Budankov writes:

> On 22.01.2020 17:25, Alexey Budankov wrote:
>> On 22.01.2020 17:07, Stephen Smalley wrote:
>>>> It keeps the implementation simple and readable. The implementation is more
>>>> performant in the sense of calling the API - one capable() call for CAP_PERFMON
>>>> privileged process.
>>>>
>>>> Yes, it bloats audit log for CAP_SYS_ADMIN privileged and unprivileged processes,
>>>> but this bloating also advertises and leverages using more secure CAP_PERFMON
>>>> based approach to use perf_event_open system call.
>>>
>>> I can live with that. We just need to document that when you see
>>> both a CAP_PERFMON and a CAP_SYS_ADMIN audit message for a process,
>>> try only allowing CAP_PERFMON first and see if that resolves the
>>> issue. We have a similar issue with CAP_DAC_READ_SEARCH versus
>>> CAP_DAC_OVERRIDE.
>>
>> perf security [1] document can be updated, at least, to align and document
>> this audit logging specifics.
>
> And I plan to update the document right after this patch set is accepted.
> Feel free to let me know of the places in the kernel docs that also
> require update w.r.t CAP_PERFMON extension.

The documentation update wants to be part of the patch set and not planned
to be done _after_ the patch set is merged.

Thanks,

        tglx
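
The triage rule Stephen Smalley describes in the quoted text, as an added example that is not part of the original thread or of the patch set: group SELinux AVC capability denials by process and, where both the narrow and the broad capability of a pair were logged, report only the narrow one as the permission to try allowing first. The log lines, PIDs, command names and the `profiler_t` type are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Pairs named in the thread: a narrow capability and the broad one that is
# also audited for the same operation.
NARROW_TO_BROAD = {"perfmon": "sys_admin", "dac_read_search": "dac_override"}

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?\bpid=(?P<pid>\d+)\s+'
    r'comm="(?P<comm>[^"]*)".*?\btclass=(?P<tclass>capability2?)\b'
)

def _avc(perm, pid, comm, capnum, tclass):
    """Build one constructed AVC denial record for the sample log."""
    ctx = "system_u:system_r:profiler_t:s0"  # constructed SELinux context
    return (f'type=AVC msg=audit(1581075611.901:{pid}): avc:  denied  '
            f'{{ {perm} }} for  pid={pid} comm="{comm}" capability={capnum}  '
            f'scontext={ctx} tcontext={ctx} tclass={tclass} permissive=0')

# Constructed sample: CAP_PERFMON is 38 (class capability2), CAP_SYS_ADMIN 21.
SAMPLE_LOG = [
    _avc("perfmon", 4242, "perf", 38, "capability2"),
    _avc("sys_admin", 4242, "perf", 21, "capability"),
    _avc("sys_admin", 5151, "mount", 21, "capability"),
    _avc("dac_read_search", 6060, "backup", 2, "capability"),
    _avc("dac_override", 6060, "backup", 1, "capability"),
    _avc("read", 7070, "cat", 0, "file"),  # not a capability check: ignored
]

def denied_caps(lines):
    """Map (pid, comm) -> set of capability permissions denied for it."""
    seen = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if m:
            seen[(int(m["pid"]), m["comm"])].update(m["perms"].split())
    return seen

def allow_first(lines):
    """Per process, the denied permissions to try allowing first: a broad
    capability is dropped when its narrow counterpart was also denied."""
    result = {}
    for proc, caps in denied_caps(lines).items():
        shadowed = {broad for narrow, broad in NARROW_TO_BROAD.items()
                    if narrow in caps and broad in caps}
        result[proc] = sorted(caps - shadowed)
    return result

if __name__ == "__main__":
    for (pid, comm), perms in allow_first(SAMPLE_LOG).items():
        print(f"pid={pid} comm={comm}: try allowing {', '.join(perms)}")
```

A process that logged only `sys_admin` stays flagged for `sys_admin`, since the thread's rule applies only when both messages appear for the same process.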