[Intel-gfx] [PATCH v3 4/7] drm/i915/perf: open access for CAP_SYS_PERFMON privileged process
Lionel Landwerlin
lionel.g.landwerlin at intel.com
Tue Dec 17 09:45:20 UTC 2019
On 16/12/2019 22:03, Alexey Budankov wrote:
> Open access to i915_perf monitoring for CAP_SYS_PERFMON privileged processes.
> For backward compatibility reasons access to i915_perf subsystem remains open
> for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage for secure
> i915_perf monitoring is discouraged with respect to CAP_SYS_PERFMON capability.
>
> Signed-off-by: Alexey Budankov <alexey.budankov at linux.intel.com>
Assuming people are fine with this new cap, I like this idea of a
lighter privilege for i915-perf.
-Lionel
More information about the Linux-security-module-archive
mailing list