Subject: [PATCH v7 12/12] doc/admin-guide: update kernel.rst with CAP_PERFMON information
From: Alexey Budankov
To: James Morris, Serge Hallyn, Stephen Smalley, Peter Zijlstra, Arnaldo Carvalho de Melo, Ingo Molnar, "joonas.lahtinen@linux.intel.com", Alexei Starovoitov, Will Deacon, Paul Mackerras, Helge Deller, Thomas Gleixner
Cc: Andi Kleen, Stephane Eranian, Igor Lubashev, Jiri Olsa, linux-kernel, "intel-gfx@lists.freedesktop.org", "linux-security-module@vger.kernel.org", "selinux@vger.kernel.org", linux-arm-kernel, "linuxppc-dev@lists.ozlabs.org", "linux-parisc@vger.kernel.org", oprofile-list@lists.sf.net, "linux-doc@vger.kernel.org", linux-man@vger.kernel.org
Organization: Intel Corp.
Date: Mon, 17 Feb 2020 11:13:39 +0300

Update kernel.rst documentation file with the information related to usage of CAP_PERFMON capability to secure performance monitoring and observability operations in system.

Signed-off-by: Alexey Budankov

--- Documentation/admin-guide/sysctl/kernel.rst | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst index def074807cee..b06ae9389809 100644 --- a/Documentation/admin-guide/sysctl/kernel.rst +++ b/Documentation/admin-guide/sysctl/kernel.rst
@@ -720,20 +720,26 @@ perf_event_paranoid: ==================== Controls use of the performance events system by unprivileged -users (without CAP_SYS_ADMIN). The default value is 2. +users (without CAP_PERFMON). The default value is 2. + +For backward compatibility reasons access to system performance +monitoring and observability remains open for CAP_SYS_ADMIN +privileged processes but CAP_SYS_ADMIN usage for secure system +performance monitoring and observability operations is discouraged +with respect to CAP_PERFMON use cases. === ================================================================== -1 Allow use of (almost) all events by all users Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK ->=0 Disallow ftrace function tracepoint by users without CAP_SYS_ADMIN +>=0 Disallow ftrace function tracepoint by users without CAP_PERFMON - Disallow raw tracepoint access by users without CAP_SYS_ADMIN + Disallow raw tracepoint access by users without CAP_PERFMON ->=1 Disallow CPU event access by users without CAP_SYS_ADMIN +>=1 Disallow CPU event access by users without CAP_PERFMON ->=2 Disallow kernel profiling by users without CAP_SYS_ADMIN +>=2 Disallow kernel profiling by users without CAP_PERFMON === ================================================================== -- 2.20.1
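
Review bot: the rewritten opening sentence and table rows now name only CAP_PERFMON ("by users without CAP_PERFMON"), while the paragraph added just above the table says CAP_SYS_ADMIN processes keep access for backward compatibility, so an administrator who reads a single row would conclude that a process holding only CAP_SYS_ADMIN is restricted at that level. Consider stating once, next to the table, that the restrictions apply to processes holding neither capability, or wording the rows as "without CAP_PERFMON or CAP_SYS_ADMIN". The closing phrase of the new paragraph, "is discouraged with respect to CAP_PERFMON use cases", is also hard to parse; "is discouraged in favour of CAP_PERFMON" would say it directly.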