[v4] security: add trace event for cap_capable
Serge E. Hallyn
serge at hallyn.com
Wed Oct 30 20:59:17 UTC 2024
On Tue, Oct 29, 2024 at 06:33:14PM -0700, Jordan Rome wrote:
> In cases where we want a stable way to observe/trace
> cap_capable (e.g. protection from inlining and API updates)
> add a tracepoint that passes:
> - The credentials used
> - The user namespace of the resource being accessed
> - The user namespace in which the credential provides the
> capability to access the targeted resource
> - The capability to check for
> - Bitmask of options defined in include/linux/security.h
> - The return value of the check
>
> Signed-off-by: Jordan Rome <linux at jordanrome.com>
Thanks, applied to https://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux.git/log/?h=v6.12-rc1%2bcaps
More information about the Linux-security-module-archive
mailing list