Re: [PATCH v8 12/12] doc/admin-guide: update kernel.rst with CAP_PERFMON information
From: Arnaldo Carvalho de Melo
Date: Sun Apr 05 2020 - 11:06:12 EST
Em Sun, Apr 05, 2020 at 05:54:37PM +0300, Alexey Budankov escreveu:
>
> On 05.04.2020 17:41, Alexey Budankov wrote:
> >
> > On 05.04.2020 17:10, Arnaldo Carvalho de Melo wrote:
> >> Em Thu, Apr 02, 2020 at 11:54:39AM +0300, Alexey Budankov escreveu:
> >>>
> >>> Update kernel.rst documentation file with the information
> >>> related to usage of CAP_PERFMON capability to secure performance
> >>> monitoring and observability operations in system.
> >>
> >> This one is failing in my perf/core branch, please take a look. I'm
>
> Please try applying this:
Thanks, applied with the original commit log message,
- Arnaldo
> ---
> Documentation/admin-guide/sysctl/kernel.rst | 16 +++++++++++-----
> 1 file changed, 11 insertions(+), 5 deletions(-)
>
> diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst
> index 335696d3360d..aaa5bbcd1e33 100644
> --- a/Documentation/admin-guide/sysctl/kernel.rst
> +++ b/Documentation/admin-guide/sysctl/kernel.rst
> @@ -709,7 +709,13 @@ perf_event_paranoid
> ===================
>
> Controls use of the performance events system by unprivileged
> -users (without CAP_SYS_ADMIN). The default value is 2.
> +users (without CAP_PERFMON). The default value is 2.
> +
> +For backward compatibility reasons access to system performance
> +monitoring and observability remains open for CAP_SYS_ADMIN
> +privileged processes but CAP_SYS_ADMIN usage for secure system
> +performance monitoring and observability operations is discouraged
> +with respect to CAP_PERFMON use cases.
>
> === ==================================================================
> -1 Allow use of (almost) all events by all users.
> @@ -718,13 +724,13 @@ users (without CAP_SYS_ADMIN). The default value is 2.
> ``CAP_IPC_LOCK``.
>
> >=0 Disallow ftrace function tracepoint by users without
> - ``CAP_SYS_ADMIN``.
> + ``CAP_PERFMON``.
>
> - Disallow raw tracepoint access by users without ``CAP_SYS_ADMIN``.
> + Disallow raw tracepoint access by users without ``CAP_PERFMON``.
>
> ->=1 Disallow CPU event access by users without ``CAP_SYS_ADMIN``.
> +>=1 Disallow CPU event access by users without ``CAP_PERFMON``.
>
> ->=2 Disallow kernel profiling by users without ``CAP_SYS_ADMIN``.
> +>=2 Disallow kernel profiling by users without ``CAP_PERFMON``.
> === ==================================================================
>
> ---
>
> Thanks,
> Alexey
>
> >
> > Trying to reproduce right now. What kind of failure do you see?
> > Please share some specifics so I could follow up properly.
> >
> > Thanks,
> > Alexey
> >
> >> pushing my perf/core branch with this series applied, please check that
> >> everything is ok, I'll do some testing now, but it all seems ok.
> >>
> >> Thanks,
> >>
> >> - Arnaldo
> >>
> >>> Signed-off-by: Alexey Budankov <alexey.budankov@xxxxxxxxxxxxxxx>
> >>> ---
> >>> Documentation/admin-guide/sysctl/kernel.rst | 16 +++++++++++-----
> >>> 1 file changed, 11 insertions(+), 5 deletions(-)
> >>>
> >>> diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst
> >>> index def074807cee..b06ae9389809 100644
> >>> --- a/Documentation/admin-guide/sysctl/kernel.rst
> >>> +++ b/Documentation/admin-guide/sysctl/kernel.rst
> >>> @@ -720,20 +720,26 @@ perf_event_paranoid:
> >>> ====================
> >>>
> >>> Controls use of the performance events system by unprivileged
> >>> -users (without CAP_SYS_ADMIN). The default value is 2.
> >>> +users (without CAP_PERFMON). The default value is 2.
> >>> +
> >>> +For backward compatibility reasons access to system performance
> >>> +monitoring and observability remains open for CAP_SYS_ADMIN
> >>> +privileged processes but CAP_SYS_ADMIN usage for secure system
> >>> +performance monitoring and observability operations is discouraged
> >>> +with respect to CAP_PERFMON use cases.
> >>>
> >>> === ==================================================================
> >>> -1 Allow use of (almost) all events by all users
> >>>
> >>> Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK
> >>>
> >>> ->=0 Disallow ftrace function tracepoint by users without CAP_SYS_ADMIN
> >>> +>=0 Disallow ftrace function tracepoint by users without CAP_PERFMON
> >>>
> >>> - Disallow raw tracepoint access by users without CAP_SYS_ADMIN
> >>> + Disallow raw tracepoint access by users without CAP_PERFMON
> >>>
> >>> ->=1 Disallow CPU event access by users without CAP_SYS_ADMIN
> >>> +>=1 Disallow CPU event access by users without CAP_PERFMON
> >>>
> >>> ->=2 Disallow kernel profiling by users without CAP_SYS_ADMIN
> >>> +>=2 Disallow kernel profiling by users without CAP_PERFMON
> >>> === ==================================================================
> >>>
> >>>
> >>> --
> >>> 2.24.1
> >>>
> >>
--
- Arnaldo