[PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups
Andi Kleen
ak at linux.intel.com
Thu Dec 5 18:11:55 UTC 2019
> The question isn't whether the tool could use the capability, it's whether
> the tool would also need CAP_SYS_ADMIN to be useful. Are there existing
> tools that could stop using CAP_SYS_ADMIN in favor of CAP_SYS_PERFMON?
> My bet is that any tool that does performance monitoring is going to need
> CAP_SYS_ADMIN for other reasons.
At least perf stat won't.
-Andi
More information about the Linux-security-module-archive
mailing list