[PATCH v6 06/10] trace/bpf_trace: open access for CAP_PERFMON privileged process
James Morris
jmorris at namei.org
Tue Jan 28 21:17:11 UTC 2020
On Tue, 28 Jan 2020, Alexey Budankov wrote:
>
> Signed-off-by: Alexey Budankov <alexey.budankov at linux.intel.com>
> ---
> kernel/trace/bpf_trace.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index e5ef4ae9edb5..334f1d71ebb1 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -1395,7 +1395,7 @@ int perf_event_query_prog_array(struct perf_event *event, void __user *info)
> u32 *ids, prog_cnt, ids_len;
> int ret;
>
> - if (!capable(CAP_SYS_ADMIN))
> + if (!perfmon_capable())
> return -EPERM;
> if (event->attr.type != PERF_TYPE_TRACEPOINT)
> return -EINVAL;
>
Acked-by: James Morris <jamorris at linux.microsoft.com>
--
James Morris
<jmorris at namei.org>
More information about the Linux-security-module-archive
mailing list