Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups

From: Andi Kleen
Date: Thu Dec 05 2019 - 13:12:05 EST

Next message: Christopher Lameter: "Re: [v2 PATCH] mm: move_pages: return valid node id in status if the page is already on the target node"
Previous message: Qian Cai: "Re: [v2 PATCH] mm: move_pages: return valid node id in status if the page is already on the target node"
In reply to: Casey Schaufler: "Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups"
Next in thread: Alexey Budankov: "Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> The question isn't whether the tool could use the capability, it's whether
> the tool would also need CAP_SYS_ADMIN to be useful. Are there existing
> tools that could stop using CAP_SYS_ADMIN in favor of CAP_SYS_PERFMON?
> My bet is that any tool that does performance monitoring is going to need
> CAP_SYS_ADMIN for other reasons.

At least perf stat won't.

-Andi

Next message: Christopher Lameter: "Re: [v2 PATCH] mm: move_pages: return valid node id in status if the page is already on the target node"
Previous message: Qian Cai: "Re: [v2 PATCH] mm: move_pages: return valid node id in status if the page is already on the target node"
In reply to: Casey Schaufler: "Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups"
Next in thread: Alexey Budankov: "Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]