Skip to content
Unverified Commit d48da4d5 authored by Jordan Rome's avatar Jordan Rome Committed by Serge Hallyn
Browse files

security: add trace event for cap_capable 



In cases where we want a stable way to observe/trace
cap_capable (e.g. protection from inlining and API updates)
add a tracepoint that passes:
- The credentials used
- The user namespace of the resource being accessed
- The user namespace in which the credential provides the
capability to access the targeted resource
- The capability to check for
- The return value of the check

Signed-off-by: default avatarJordan Rome <linux@jordanrome.com>
Acked-by: default avatarAndrii Nakryiko <andrii@kernel.org>
Reviewed-by: default avatarPaul Moore <paul@paul-moore.com>
Reviewed-by: default avatarSerge Hallyn <serge@hallyn.com>
Link: https://lore.kernel.org/r/20241204155911.1817092-1-linux@jordanrome.com


Signed-off-by: default avatarSerge Hallyn <sergeh@kernel.org>
parent 3f4f1f8a
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment