[PATCH bpf-next] bpf, capabilities: introduce CAP_BPF
Steven Rostedt
rostedt at goodmis.org
Thu Aug 29 17:47:22 UTC 2019
On Thu, 29 Aug 2019 10:19:24 -0700
Alexei Starovoitov <alexei.starovoitov at gmail.com> wrote:
> On Thu, Aug 29, 2019 at 09:34:34AM -0400, Steven Rostedt wrote:
> >
> > As the above seems to favor the idea of CAP_TRACING allowing write
> > access to tracefs, should we have a CAP_TRACING_RO for just read access
> > and limited perf abilities?
>
> read only vs writeable is an attribute of the file system.
> Bringing such things into caps seem wrong to me.
So using groups then? I'm fine with that.
-- Steve
More information about the Linux-security-module-archive
mailing list