From: "Michael Kerrisk (man-pages)"
Date: Tue, 27 Oct 2020 18:11:34 +0100
Subject: Re: [PATCH v2] perf_event_open.2: update the man page with CAP_PERFMON related information
To: Alexey Budankov
Cc: Arnaldo Carvalho de Melo, Jiri Olsa, Namhyung Kim, Alexander Shishkin, Peter Zijlstra, Ingo Molnar, Andi Kleen, linux-man, "linux-security-module@vger.kernel.org", linux-kernel
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 27 Oct 2020 at 18:10, Alexey Budankov wrote:
>
>
> On 27.10.2020 19:57, Michael Kerrisk (man-pages) wrote:
> > Hello Alexey,
> >
> > On 10/27/20 5:48 PM, Alexey Budankov wrote:
> >>
> >> Extend perf_event_open 2 man page with the information about
> >> CAP_PERFMON capability designed to secure performance monitoring
> >> and observability operation in a system according to the principle
> >> of least privilege [1] (POSIX IEEE 1003.1e, 2.2.2.39).
> >>
> >> [1] https://sites.google.com/site/fullycapable/, posix_1003.1e-990310.pdf
> >> > >> Signed-off-by: Alexey Budankov > > > > Thanks for this. I've applied. I have a few questions/comments below. > > > >> --- > >> man2/perf_event_open.2 | 32 ++++++++++++++++++++++++++++++-- > >> 1 file changed, 30 insertions(+), 2 deletions(-) > >> > >> diff --git a/man2/perf_event_open.2 b/man2/perf_event_open.2 > >> index 4827a359d..9810bc554 100644 > >> --- a/man2/perf_event_open.2 > >> +++ b/man2/perf_event_open.2 > >> @@ -97,6 +97,8 @@ when running on the specified CPU. > >> .BR "pid == \-1" " and " "cpu >= 0" > >> This measures all processes/threads on the specified CPU. > >> This requires > >> +.B CAP_PERFMON > >> +(since Linux 5.8) or > >> .B CAP_SYS_ADMIN > >> capability or a > >> .I /proc/sys/kernel/perf_event_paranoid > >> @@ -108,9 +110,11 @@ This setting is invalid and will return an error. > >> When > >> .I pid > >> is greater than zero, permission to perform this system call > >> -is governed by a ptrace access mode > >> +is governed by > >> +.B CAP_PERFMON > >> +(since Linux 5.9) and a ptrace access mode > > > > I want to check: did you really mean 5.9 here? (Everywhere else, > > 5.8 is mentioned, but perhaps this change came in the next kernel > > version.) > > Yes, it is not a typo. This thing was merged into v5.9. > > Thanks, > Alexei Thanks, Alexei! -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Linux/UNIX System Programming Training: http://man7.org/training/
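Review bot: In the hunk at @@ -97,6 +97,8 @@ of man2/perf_event_open.2, the added ".B CAP_PERFMON" and "(since Linux 5.8) or" lines leave the sentence as three alternatives joined by two bare "or"s ("CAP_PERFMON (since Linux 5.8) or CAP_SYS_ADMIN capability or a /proc/sys/kernel/perf_event_paranoid ..."), so a reader cannot easily tell where the capability alternatives end and the sysctl alternative begins. Suggest grouping the two capabilities, for example "This requires either the CAP_PERFMON (since Linux 5.8) or the CAP_SYS_ADMIN capability, or a /proc/sys/kernel/perf_event_paranoid value ...", so the page states clearly that the narrower capability is sufficient on its own.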
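Review bot: In the hunk at @@ -108,9 +110,11 @@, the new wording "is governed by CAP_PERFMON (since Linux 5.9) and a ptrace access mode" does not say how the two checks combine. "and" reads as if the caller needs the capability in addition to passing the ptrace access mode check, whereas the replaced line ("is governed by a ptrace access mode") named the ptrace check alone. Please state explicitly whether CAP_PERFMON is an alternative to the ptrace check or an extra requirement, and what applies on kernels before 5.9, since readers will use this sentence to decide which privilege to grant a monitoring process.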