From: Alexey Budankov <alexey.budankov@linux.intel.com>
To: "Lubashev, Igor" <ilubashe@akamai.com>,
Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
"jani.nikula@linux.intel.com" <jani.nikula@linux.intel.com>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
"rodrigo.vivi@intel.com" <rodrigo.vivi@intel.com>,
Alexei Starovoitov <ast@kernel.org>,
"james.bottomley@hansenpartnership.com"
<james.bottomley@hansenpartnership.com>,
"benh@kernel.crashing.org" <benh@kernel.crashing.org>,
Casey Schaufler <casey@schaufler-ca.com>,
"serge@hallyn.com" <serge@hallyn.com>,
James Morris <jmorris@namei.org>
Cc: Jiri Olsa <jolsa@redhat.com>, Andi Kleen <ak@linux.intel.com>,
Stephane Eranian <eranian@google.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Namhyung Kim <namhyung@kernel.org>, Jann Horn <jannh@google.com>,
Kees Cook <keescook@chromium.org>,
Thomas Gleixner <tglx@linutronix.de>,
Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
"linux-perf-users@vger.kernel.org"
<linux-perf-users@vger.kernel.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"bgregg@netflix.com" <bgregg@netflix.com>,
Song Liu <songliubraving@fb.com>,
"bpf@vger.kernel.org" <bpf@vger.kernel.org>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Subject: Re: [PATCH v2 2/7] perf/core: open access for CAP_SYS_PERFMON privileged process
Date: Mon, 16 Dec 2019 20:12:02 +0300 [thread overview]
Message-ID: <c471a28b-6620-9b0a-4b6e-43f4956202cd@linux.intel.com> (raw)
In-Reply-To: <9316a1ab21f6441eb2b421acb818a2a1@ustx2ex-dag1mb6.msg.corp.akamai.com>
On 16.12.2019 19:12, Lubashev, Igor wrote:
> On Mon, Dec 16, 2019 at 2:15 AM, Alexey Budankov <alexey.budankov@linux.intel.com> wrote:
>>
>> Open access to perf_events monitoring for CAP_SYS_PERFMON privileged
>> processes.
>> For backward compatibility reasons access to perf_events subsystem remains
>> open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage
>> for secure perf_events monitoring is discouraged with respect to
>> CAP_SYS_PERFMON capability.
>>
>> Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
>> ---
>> include/linux/perf_event.h | 9 ++++++---
>> 1 file changed, 6 insertions(+), 3 deletions(-)
>>
>> diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h index
>> 34c7c6910026..52313d2cc343 100644
>> --- a/include/linux/perf_event.h
>> +++ b/include/linux/perf_event.h
>> @@ -1285,7 +1285,8 @@ static inline int perf_is_paranoid(void)
>>
>> static inline int perf_allow_kernel(struct perf_event_attr *attr) {
>> - if (sysctl_perf_event_paranoid > 1 && !capable(CAP_SYS_ADMIN))
>> + if (sysctl_perf_event_paranoid > 1 &&
>> + !(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)))
>> return -EACCES;
>>
>> return security_perf_event_open(attr, PERF_SECURITY_KERNEL); @@
>> -1293,7 +1294,8 @@ static inline int perf_allow_kernel(struct
>> perf_event_attr *attr)
>>
>> static inline int perf_allow_cpu(struct perf_event_attr *attr) {
>> - if (sysctl_perf_event_paranoid > 0 && !capable(CAP_SYS_ADMIN))
>> + if (sysctl_perf_event_paranoid > 0 &&
>> + !(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)))
>> return -EACCES;
>>
>> return security_perf_event_open(attr, PERF_SECURITY_CPU); @@ -
>> 1301,7 +1303,8 @@ static inline int perf_allow_cpu(struct perf_event_attr
>> *attr)
>>
>> static inline int perf_allow_tracepoint(struct perf_event_attr *attr) {
>> - if (sysctl_perf_event_paranoid > -1 && !capable(CAP_SYS_ADMIN))
>> + if (sysctl_perf_event_paranoid > -1 &&
>> + !(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)))
>> return -EPERM;
>>
>> return security_perf_event_open(attr, PERF_SECURITY_TRACEPOINT);
>> --
>> 2.20.1
>
> Thanks. I like the idea of CAP_SYS_PERFMON that does not require CAP_SYS_ADMIN. It makes granting users ability to run perf a bit safer.
>
> I see a lot of "(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)" constructs now. Maybe wrapping it in an " inline bool perfmon_capable()" defined somewhere (like in /include/linux/capability.h)?
Sounds reasonable, thanks!
~Alexey
>
> - Igor
>
WARNING: multiple messages have this Message-ID (diff)
From: Alexey Budankov <alexey.budankov@linux.intel.com>
To: "Lubashev, Igor" <ilubashe@akamai.com>,
Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
"jani.nikula@linux.intel.com" <jani.nikula@linux.intel.com>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
"rodrigo.vivi@intel.com" <rodrigo.vivi@intel.com>,
Alexei Starovoitov <ast@kernel.org>,
"james.bottomley@hansenpartnership.com"
<james.bottomley@hansenpartnership.com>,
"benh@kernel.crashing.org" <benh@kernel.crashing.org>,
Casey Schaufler <casey@schaufler-ca.com>,
"serge@hallyn.com" <serge@hallyn.com>,
James Morris <jmorris@namei.org>
Cc: Jiri Olsa <jolsa@redhat.com>, Andi Kleen <ak@linux.intel.com>,
Stephane Eranian <eranian@google.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Namhyung Kim <namhyung@kernel.org>, Jann Horn <jannh@google.com>,
Kees Cook <keescook@chromium.org>,
Thomas Gleixner <tglx@linutronix.de>,
Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
"linux-perf-users@vger.kernel.org"
<linux-perf-users@vger.kernel.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"bgregg@netflix.com" <bgregg@netflix.com>,
Song Liu <songliubraving@fb.com>"bpf@vger.kernel.org" <b>
Subject: Re: [PATCH v2 2/7] perf/core: open access for CAP_SYS_PERFMON privileged process
Date: Mon, 16 Dec 2019 20:12:02 +0300 [thread overview]
Message-ID: <c471a28b-6620-9b0a-4b6e-43f4956202cd@linux.intel.com> (raw)
In-Reply-To: <9316a1ab21f6441eb2b421acb818a2a1@ustx2ex-dag1mb6.msg.corp.akamai.com>
On 16.12.2019 19:12, Lubashev, Igor wrote:
> On Mon, Dec 16, 2019 at 2:15 AM, Alexey Budankov <alexey.budankov@linux.intel.com> wrote:
>>
>> Open access to perf_events monitoring for CAP_SYS_PERFMON privileged
>> processes.
>> For backward compatibility reasons access to perf_events subsystem remains
>> open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage
>> for secure perf_events monitoring is discouraged with respect to
>> CAP_SYS_PERFMON capability.
>>
>> Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
>> ---
>> include/linux/perf_event.h | 9 ++++++---
>> 1 file changed, 6 insertions(+), 3 deletions(-)
>>
>> diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h index
>> 34c7c6910026..52313d2cc343 100644
>> --- a/include/linux/perf_event.h
>> +++ b/include/linux/perf_event.h
>> @@ -1285,7 +1285,8 @@ static inline int perf_is_paranoid(void)
>>
>> static inline int perf_allow_kernel(struct perf_event_attr *attr) {
>> - if (sysctl_perf_event_paranoid > 1 && !capable(CAP_SYS_ADMIN))
>> + if (sysctl_perf_event_paranoid > 1 &&
>> + !(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)))
>> return -EACCES;
>>
>> return security_perf_event_open(attr, PERF_SECURITY_KERNEL); @@
>> -1293,7 +1294,8 @@ static inline int perf_allow_kernel(struct
>> perf_event_attr *attr)
>>
>> static inline int perf_allow_cpu(struct perf_event_attr *attr) {
>> - if (sysctl_perf_event_paranoid > 0 && !capable(CAP_SYS_ADMIN))
>> + if (sysctl_perf_event_paranoid > 0 &&
>> + !(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)))
>> return -EACCES;
>>
>> return security_perf_event_open(attr, PERF_SECURITY_CPU); @@ -
>> 1301,7 +1303,8 @@ static inline int perf_allow_cpu(struct perf_event_attr
>> *attr)
>>
>> static inline int perf_allow_tracepoint(struct perf_event_attr *attr) {
>> - if (sysctl_perf_event_paranoid > -1 && !capable(CAP_SYS_ADMIN))
>> + if (sysctl_perf_event_paranoid > -1 &&
>> + !(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)))
>> return -EPERM;
>>
>> return security_perf_event_open(attr, PERF_SECURITY_TRACEPOINT);
>> --
>> 2.20.1
>
> Thanks. I like the idea of CAP_SYS_PERFMON that does not require CAP_SYS_ADMIN. It makes granting users ability to run perf a bit safer.
>
> I see a lot of "(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)" constructs now. Maybe wrapping it in an " inline bool perfmon_capable()" defined somewhere (like in /include/linux/capability.h)?
Sounds reasonable, thanks!
~Alexey
>
> - Igor
>
WARNING: multiple messages have this Message-ID (diff)
From: Alexey Budankov <alexey.budankov@linux.intel.com>
To: "Lubashev, Igor" <ilubashe@akamai.com>,
Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
"jani.nikula@linux.intel.com" <jani.nikula@linux.intel.com>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
"rodrigo.vivi@intel.com" <rodrigo.vivi@intel.com>,
Alexei Starovoitov <ast@kernel.org>,
"james.bottomley@hansenpartnership.com"
<james.bottomley@hansenpartnership.com>,
"benh@kernel.crashing.org" <benh@kernel.crashing.org>,
Casey Schaufler <casey@schaufler-ca.com>,
"serge@hallyn.com" <serge@hallyn.com>,
James Morris <jmorris@namei.org>
Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>,
Song Liu <songliubraving@fb.com>, Andi Kleen <ak@linux.intel.com>,
Kees Cook <keescook@chromium.org>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
Jann Horn <jannh@google.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
Stephane Eranian <eranian@google.com>,
"linux-perf-users@vger.kernel.org"
<linux-perf-users@vger.kernel.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
Namhyung Kim <namhyung@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
"bgregg@netflix.com" <bgregg@netflix.com>,
Jiri Olsa <jolsa@redhat.com>,
"bpf@vger.kernel.org" <bpf@vger.kernel.org>
Subject: Re: [PATCH v2 2/7] perf/core: open access for CAP_SYS_PERFMON privileged process
Date: Mon, 16 Dec 2019 20:12:02 +0300 [thread overview]
Message-ID: <c471a28b-6620-9b0a-4b6e-43f4956202cd@linux.intel.com> (raw)
In-Reply-To: <9316a1ab21f6441eb2b421acb818a2a1@ustx2ex-dag1mb6.msg.corp.akamai.com>
On 16.12.2019 19:12, Lubashev, Igor wrote:
> On Mon, Dec 16, 2019 at 2:15 AM, Alexey Budankov <alexey.budankov@linux.intel.com> wrote:
>>
>> Open access to perf_events monitoring for CAP_SYS_PERFMON privileged
>> processes.
>> For backward compatibility reasons access to perf_events subsystem remains
>> open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage
>> for secure perf_events monitoring is discouraged with respect to
>> CAP_SYS_PERFMON capability.
>>
>> Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
>> ---
>> include/linux/perf_event.h | 9 ++++++---
>> 1 file changed, 6 insertions(+), 3 deletions(-)
>>
>> diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h index
>> 34c7c6910026..52313d2cc343 100644
>> --- a/include/linux/perf_event.h
>> +++ b/include/linux/perf_event.h
>> @@ -1285,7 +1285,8 @@ static inline int perf_is_paranoid(void)
>>
>> static inline int perf_allow_kernel(struct perf_event_attr *attr) {
>> - if (sysctl_perf_event_paranoid > 1 && !capable(CAP_SYS_ADMIN))
>> + if (sysctl_perf_event_paranoid > 1 &&
>> + !(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)))
>> return -EACCES;
>>
>> return security_perf_event_open(attr, PERF_SECURITY_KERNEL); @@
>> -1293,7 +1294,8 @@ static inline int perf_allow_kernel(struct
>> perf_event_attr *attr)
>>
>> static inline int perf_allow_cpu(struct perf_event_attr *attr) {
>> - if (sysctl_perf_event_paranoid > 0 && !capable(CAP_SYS_ADMIN))
>> + if (sysctl_perf_event_paranoid > 0 &&
>> + !(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)))
>> return -EACCES;
>>
>> return security_perf_event_open(attr, PERF_SECURITY_CPU); @@ -
>> 1301,7 +1303,8 @@ static inline int perf_allow_cpu(struct perf_event_attr
>> *attr)
>>
>> static inline int perf_allow_tracepoint(struct perf_event_attr *attr) {
>> - if (sysctl_perf_event_paranoid > -1 && !capable(CAP_SYS_ADMIN))
>> + if (sysctl_perf_event_paranoid > -1 &&
>> + !(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)))
>> return -EPERM;
>>
>> return security_perf_event_open(attr, PERF_SECURITY_TRACEPOINT);
>> --
>> 2.20.1
>
> Thanks. I like the idea of CAP_SYS_PERFMON that does not require CAP_SYS_ADMIN. It makes granting users ability to run perf a bit safer.
>
> I see a lot of "(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)" constructs now. Maybe wrapping it in an " inline bool perfmon_capable()" defined somewhere (like in /include/linux/capability.h)?
Sounds reasonable, thanks!
~Alexey
>
> - Igor
>
WARNING: multiple messages have this Message-ID (diff)
From: Alexey Budankov <alexey.budankov@linux.intel.com>
To: "Lubashev, Igor" <ilubashe@akamai.com>,
Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
"jani.nikula@linux.intel.com" <jani.nikula@linux.intel.com>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
"rodrigo.vivi@intel.com" <rodrigo.vivi@intel.com>,
Alexei Starovoitov <ast@kernel.org>,
"james.bottomley@hansenpartnership.com"
<james.bottomley@hansenpartnership.com>,
"benh@kernel.crashing.org" <benh@kernel.crashing.org>,
Casey Schaufler <casey@schaufler-ca.com>,
"serge@hallyn.com" <serge@hallyn.com>,
James Morris <jmorris@namei.org>
Cc: Song Liu <songliubraving@fb.com>, Andi Kleen <ak@linux.intel.com>,
Kees Cook <keescook@chromium.org>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
Jann Horn <jannh@google.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
Stephane Eranian <eranian@google.com>,
"linux-perf-users@vger.kernel.org"
<linux-perf-users@vger.kernel.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
Namhyung Kim <namhyung@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
"bgregg@netflix.com" <bgregg@netflix.com>,
Jiri Olsa <jolsa@redhat.com>,
"bpf@vger.kernel.org" <bpf@vger.kernel.org>
Subject: Re: [Intel-gfx] [PATCH v2 2/7] perf/core: open access for CAP_SYS_PERFMON privileged process
Date: Mon, 16 Dec 2019 20:12:02 +0300 [thread overview]
Message-ID: <c471a28b-6620-9b0a-4b6e-43f4956202cd@linux.intel.com> (raw)
In-Reply-To: <9316a1ab21f6441eb2b421acb818a2a1@ustx2ex-dag1mb6.msg.corp.akamai.com>
On 16.12.2019 19:12, Lubashev, Igor wrote:
> On Mon, Dec 16, 2019 at 2:15 AM, Alexey Budankov <alexey.budankov@linux.intel.com> wrote:
>>
>> Open access to perf_events monitoring for CAP_SYS_PERFMON privileged
>> processes.
>> For backward compatibility reasons access to perf_events subsystem remains
>> open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage
>> for secure perf_events monitoring is discouraged with respect to
>> CAP_SYS_PERFMON capability.
>>
>> Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
>> ---
>> include/linux/perf_event.h | 9 ++++++---
>> 1 file changed, 6 insertions(+), 3 deletions(-)
>>
>> diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h index
>> 34c7c6910026..52313d2cc343 100644
>> --- a/include/linux/perf_event.h
>> +++ b/include/linux/perf_event.h
>> @@ -1285,7 +1285,8 @@ static inline int perf_is_paranoid(void)
>>
>> static inline int perf_allow_kernel(struct perf_event_attr *attr) {
>> - if (sysctl_perf_event_paranoid > 1 && !capable(CAP_SYS_ADMIN))
>> + if (sysctl_perf_event_paranoid > 1 &&
>> + !(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)))
>> return -EACCES;
>>
>> return security_perf_event_open(attr, PERF_SECURITY_KERNEL); @@
>> -1293,7 +1294,8 @@ static inline int perf_allow_kernel(struct
>> perf_event_attr *attr)
>>
>> static inline int perf_allow_cpu(struct perf_event_attr *attr) {
>> - if (sysctl_perf_event_paranoid > 0 && !capable(CAP_SYS_ADMIN))
>> + if (sysctl_perf_event_paranoid > 0 &&
>> + !(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)))
>> return -EACCES;
>>
>> return security_perf_event_open(attr, PERF_SECURITY_CPU); @@ -
>> 1301,7 +1303,8 @@ static inline int perf_allow_cpu(struct perf_event_attr
>> *attr)
>>
>> static inline int perf_allow_tracepoint(struct perf_event_attr *attr) {
>> - if (sysctl_perf_event_paranoid > -1 && !capable(CAP_SYS_ADMIN))
>> + if (sysctl_perf_event_paranoid > -1 &&
>> + !(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)))
>> return -EPERM;
>>
>> return security_perf_event_open(attr, PERF_SECURITY_TRACEPOINT);
>> --
>> 2.20.1
>
> Thanks. I like the idea of CAP_SYS_PERFMON that does not require CAP_SYS_ADMIN. It makes granting users ability to run perf a bit safer.
>
> I see a lot of "(capable(CAP_SYS_PERFMON) || capable(CAP_SYS_ADMIN)" constructs now. Maybe wrapping it in an " inline bool perfmon_capable()" defined somewhere (like in /include/linux/capability.h)?
Sounds reasonable, thanks!
~Alexey
>
> - Igor
>
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
next prev parent reply other threads:[~2019-12-16 17:12 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-16 7:00 [PATCH v2 0/7] Introduce CAP_SYS_PERFMON to secure system performance monitoring and observability Alexey Budankov
2019-12-16 7:00 ` [Intel-gfx] " Alexey Budankov
2019-12-16 7:00 ` Alexey Budankov
2019-12-16 7:00 ` Alexey Budankov
2019-12-16 7:14 ` [PATCH v2 1/7] capabilities: introduce CAP_SYS_PERFMON to kernel and user space Alexey Budankov
2019-12-16 7:14 ` [Intel-gfx] " Alexey Budankov
2019-12-16 7:14 ` Alexey Budankov
2019-12-16 7:14 ` Alexey Budankov
2019-12-16 14:04 ` Stephen Smalley
2019-12-16 14:04 ` [Intel-gfx] " Stephen Smalley
2019-12-16 14:04 ` Stephen Smalley
2019-12-16 7:15 ` [PATCH v2 2/7] perf/core: open access for CAP_SYS_PERFMON privileged process Alexey Budankov
2019-12-16 7:15 ` [Intel-gfx] " Alexey Budankov
2019-12-16 7:15 ` Alexey Budankov
2019-12-16 7:15 ` Alexey Budankov
2019-12-16 16:12 ` Lubashev, Igor
2019-12-16 16:12 ` [Intel-gfx] " Lubashev, Igor
2019-12-16 16:12 ` Lubashev, Igor
2019-12-16 16:12 ` Lubashev, Igor
2019-12-16 16:33 ` Alexey Budankov
2019-12-16 16:33 ` [Intel-gfx] " Alexey Budankov
2019-12-16 16:33 ` Alexey Budankov
2019-12-16 16:33 ` Alexey Budankov
2019-12-16 17:12 ` Alexey Budankov [this message]
2019-12-16 17:12 ` [Intel-gfx] " Alexey Budankov
2019-12-16 17:12 ` Alexey Budankov
2019-12-16 17:12 ` Alexey Budankov
2019-12-16 7:16 ` [PATCH v2 3/7] perf tool: extend Perf tool with CAP_SYS_PERFMON capability support Alexey Budankov
2019-12-16 7:16 ` [Intel-gfx] " Alexey Budankov
2019-12-16 7:16 ` Alexey Budankov
2019-12-16 7:17 ` [PATCH v2 4/7] drm/i915/perf: open access for CAP_SYS_PERFMON privileged process Alexey Budankov
2019-12-16 7:17 ` [Intel-gfx] " Alexey Budankov
2019-12-16 7:17 ` Alexey Budankov
2019-12-16 7:17 ` [PATCH v2 5/7] trace/bpf_trace: " Alexey Budankov
2019-12-16 7:17 ` [Intel-gfx] " Alexey Budankov
2019-12-16 7:17 ` Alexey Budankov
2019-12-16 7:18 ` [PATCH v2 6/7] powerpc/perf: " Alexey Budankov
2019-12-16 7:18 ` [Intel-gfx] " Alexey Budankov
2019-12-16 7:18 ` Alexey Budankov
2019-12-16 7:19 ` [PATCH v2 7/7] parisc/perf: " Alexey Budankov
2019-12-16 7:19 ` [Intel-gfx] " Alexey Budankov
2019-12-16 7:19 ` Alexey Budankov
2019-12-16 7:28 ` [Intel-gfx] ✗ Fi.CI.BUILD: failure for Introduce CAP_SYS_PERFMON to secure system performance monitoring and observability Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c471a28b-6620-9b0a-4b6e-43f4956202cd@linux.intel.com \
--to=alexey.budankov@linux.intel.com \
--cc=acme@kernel.org \
--cc=ak@linux.intel.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=ast@kernel.org \
--cc=benh@kernel.crashing.org \
--cc=bgregg@netflix.com \
--cc=bpf@vger.kernel.org \
--cc=casey@schaufler-ca.com \
--cc=eranian@google.com \
--cc=ilubashe@akamai.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=james.bottomley@hansenpartnership.com \
--cc=jani.nikula@linux.intel.com \
--cc=jannh@google.com \
--cc=jmorris@namei.org \
--cc=jolsa@redhat.com \
--cc=joonas.lahtinen@linux.intel.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=rodrigo.vivi@intel.com \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=songliubraving@fb.com \
--cc=tglx@linutronix.de \
--cc=tvrtko.ursulin@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.