[PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups
Peter Zijlstra
peterz at infradead.org
Wed Dec 11 15:24:35 UTC 2019
On Wed, Dec 11, 2019 at 01:52:15PM +0300, Alexey Budankov wrote:
> Undoubtedly, SELinux is a powerful, mature, whole level of functionality that
> could provide benefits not only for the perf_events subsystem. However, perf_events
> is built around capabilities to provide access control to its functionality,
> thus perf_events would require considerable rework before it could be controlled
> through SELinux.

You mean this:

  da97e18458fb ("perf_event: Add support for LSM and SELinux checks")

?

> Then the adoption could also require changes to the installed
> infrastructure just for the sake of adopting an alternative access control mechanism.

This is still very much true.