On Fri, Aug 30, 2013 at 05:59:36PM +0200, Peter Zijlstra wrote: > On Fri, Aug 30, 2013 at 05:52:43PM +0200, Frederic Weisbecker wrote: > > On Tue, Aug 27, 2013 at 02:16:29PM +0200, Peter Zijlstra wrote: > > > On Mon, Aug 26, 2013 at 03:03:04PM -0400, Steven Rostedt wrote: > > > > > Is there some path through sys_perf_open_event that might be > > > > > missing a capability check perhaps ? > > > > > > > > > > > > > That's a question for Ingo, Peter or Jiri. > > > > > > Its not something I've looked at recently, git blames Jiri and fweisbec > > > for most of that code. > > > > > > Permission checks appear to live in > > > kernel/trace/trace_event_perf.c:perf_trace_event_perm(). > > > > Actually the following condition is weird: > > > > /* The ftrace function trace is allowed only for root. */ > > if (ftrace_event_is_function(tp_event) && > > perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) > > return -EPERM; > > > > That says: If its its a function-event and we're paranoid but we don't > have root, bail.
Right, I misunderstood and thought we messed up general tracepoint permissions with function events. > > > We probably intended to do: > > > > /* The ftrace function trace is allowed only for root. */ > > if (ftrace_event_is_function(tp_event) || > > perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) > > return -EPERM; > > > > Can somebody confirm? > > That would always disallow function-events, no? Yeah, sorry, returning from holidays require more dense coffee. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
