Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp3622429ybz; Mon, 20 Apr 2020 06:29:21 -0700 (PDT) X-Google-Smtp-Source: APiQypJHZat2Gmu7KAempAO+rHJR49l5urvL2N4gDM/VHhTLgYCX7UJtNKbl0zvEzJesleZRN9Ky X-Received: by 2002:a05:6402:1597:: with SMTP id c23mr9071910edv.353.1587389361252; Mon, 20 Apr 2020 06:29:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587389361; cv=none; d=google.com; s=arc-20160816; b=dDIH2Ep1Ufx5raOlGQhSediau0M6CKS43KVeITCcFFPBsYn+vOvB0/Q0iACkvomv/7 HYNykXQP3y89EkUIYR1upAlBtXRu2jna3PxVajjfX7bkPM8ekQNoLtcDvJyKGQO44gZ6 8RUJy/a9i3Lm3z0tWdOR+HF/1I12iss5EIOCbLuvUSmr2MFO51CIbh0zUqFE9W1Expdb lso9HMkCHK/NUmm7vTFiAoxLsUDOMF9muEW8avgjHPR0wRyvm/Wqg30dOltn6H8qZenA ZFknpP11gAmtruvc2zgiHA9nrh4BpxLqrZLWtjGY7LFXnmQ2ZkNI5MLTe0vFyT7+Ek5c lLzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=okPu0LIXhHjbcERSA8I3OJsvNdelR8NPYEtGN1p4Oa4=; b=cb19PbkD7A0xJIY7SWmXhfbzHd0F8xHbSCWdIiOzpYYvEOJKUXafAomBM1AL0MKv/m 7uh8bpwEx7PvFkqanHSbhG+6E2a/2MfRYM/JK/4Xo4BkIuWIpsd/lEI8qoT7NxcUzafx 8wlhUtGf1GkysA9+cximI6XhGK6Y2/zOREZytNrb5ulqCrl9awOa79gua4Mi5JcHRMEu ygPzdmFTXInypPz4rDyc0MtTRUIidox0iGlJKoD+Xxf4gvjRKZ+HrBpOr6gdFPzbBzdK bruXCNjylsKxNNgN1i81+67vjt030CoaN2iDxtcAPXfafxZVv/Ae3GJ+t9veHBsARApz KU0A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="K2wA/sfF"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h1si552554ejd.517.2020.04.20.06.28.57; Mon, 20 Apr 2020 06:29:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="K2wA/sfF"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726838AbgDTLyw (ORCPT + 99 others); Mon, 20 Apr 2020 07:54:52 -0400 Received: from mail.kernel.org ([198.145.29.99]:38608 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726821AbgDTLyv (ORCPT ); Mon, 20 Apr 2020 07:54:51 -0400 Received: from quaco.ghostprotocols.net (unknown [179.97.37.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8202A21927; Mon, 20 Apr 2020 11:54:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587383690; bh=VEov1HC8kgX2JVYBtf5NvQb82wHeJ2/NnuqpEyj7U+U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=K2wA/sfFxecLv7R81Z3L8nQRfJzTKMqNt+FJN7nLvkxV66mZfO5u6jy9LnBfkf7ed 5jEJkZFGY7O11EbRbNmJ3pqEsYFpuOjmCkheRSJjCJxnsyW0RoFGzomKUWICd6Rzqx HE2UHsV3PClSWDXhumCf8dh4djMaGw2rLR076hRY= From: Arnaldo Carvalho de Melo To: Ingo Molnar , Thomas Gleixner Cc: Jiri Olsa , Namhyung Kim , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Alexey Budankov , Alexei Starovoitov , Andi Kleen , Igor Lubashev , James Morris , Jiri Olsa , Peter Zijlstra , Serge Hallyn , Song Liu , Stephane Eranian , intel-gfx@lists.freedesktop.org, linux-doc@vger.kernel.org, linux-man@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, Arnaldo Carvalho de Melo Subject: [PATCH 16/60] doc/admin-guide: update kernel.rst with CAP_PERFMON information Date: Mon, 20 Apr 2020 08:52:32 -0300 Message-Id: <20200420115316.18781-17-acme@kernel.org> X-Mailer: git-send-email 2.21.1 In-Reply-To: <20200420115316.18781-1-acme@kernel.org> References: <20200420115316.18781-1-acme@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Alexey Budankov Update the kernel.rst documentation file with the information related to usage of CAP_PERFMON capability to secure performance monitoring and observability operations in system. Signed-off-by: Alexey Budankov Cc: Alexei Starovoitov Cc: Andi Kleen Cc: Igor Lubashev Cc: James Morris Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Serge Hallyn Cc: Song Liu Cc: Stephane Eranian Cc: Thomas Gleixner Cc: intel-gfx@lists.freedesktop.org Cc: linux-doc@vger.kernel.org Cc: linux-man@vger.kernel.org Cc: linux-security-module@vger.kernel.org Cc: selinux@vger.kernel.org Link: http://lore.kernel.org/lkml/84c32383-14a2-fa35-16b6-f9e59bd37240@linux.intel.com Signed-off-by: Arnaldo Carvalho de Melo --- Documentation/admin-guide/sysctl/kernel.rst | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst index 39c95c0e13d3..7e4c28dfc9ca 100644 --- a/Documentation/admin-guide/sysctl/kernel.rst +++ b/Documentation/admin-guide/sysctl/kernel.rst @@ -730,7 +730,13 @@ perf_event_paranoid =================== Controls use of the performance events system by unprivileged -users (without CAP_SYS_ADMIN). The default value is 2. +users (without CAP_PERFMON). The default value is 2. + +For backward compatibility reasons access to system performance +monitoring and observability remains open for CAP_SYS_ADMIN +privileged processes but CAP_SYS_ADMIN usage for secure system +performance monitoring and observability operations is discouraged +with respect to CAP_PERFMON use cases. === ================================================================== -1 Allow use of (almost) all events by all users. @@ -739,13 +745,13 @@ users (without CAP_SYS_ADMIN). The default value is 2. ``CAP_IPC_LOCK``. >=0 Disallow ftrace function tracepoint by users without - ``CAP_SYS_ADMIN``. + ``CAP_PERFMON``. - Disallow raw tracepoint access by users without ``CAP_SYS_ADMIN``. + Disallow raw tracepoint access by users without ``CAP_PERFMON``. ->=1 Disallow CPU event access by users without ``CAP_SYS_ADMIN``. +>=1 Disallow CPU event access by users without ``CAP_PERFMON``. ->=2 Disallow kernel profiling by users without ``CAP_SYS_ADMIN``. +>=2 Disallow kernel profiling by users without ``CAP_PERFMON``. === ================================================================== -- 2.21.1