[Intel-gfx] [PATCH v3 4/7] drm/i915/perf: open access for CAP_SYS_PERFMON privileged process

Lionel Landwerlin lionel.g.landwerlin at intel.com
Tue Dec 17 09:45:20 UTC 2019


On 16/12/2019 22:03, Alexey Budankov wrote:
> Open access to i915_perf monitoring for CAP_SYS_PERFMON privileged processes.
> For backward compatibility reasons access to i915_perf subsystem remains open
> for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage for secure
> i915_perf monitoring is discouraged with respect to CAP_SYS_PERFMON capability.
>
> Signed-off-by: Alexey Budankov <alexey.budankov at linux.intel.com>


Assuming people are fine with this new cap, I like this idea of a 
lighter privilege for i915-perf.


-Lionel




More information about the Linux-security-module-archive mailing list