Message ID | f1b48de9-e2b7-d20b-3686-3a15b73ef45c@linux.intel.com (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | perf: make Perf tool aware of SELinux access control | expand |
Em Wed, Apr 22, 2020 at 05:44:53PM +0300, Alexey Budankov escreveu: > > Substitute CAP_SYS_ADMIN with CAP_PERFMON in the docs where admin > is mentioned. CAP_SYS_ADMIN still works in keeping with user space > backward compatibility approach. Same issue as with the previous patch, the documentation is for the tool, that may be used in older kernels, so we need to clarify that CAP_PERFMON requires updating libcap and the kernel, if that isn't possible, then CAP_SYS_ADMIN is needed. - Arnaldo > Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com> > --- > tools/perf/Documentation/perf-intel-pt.txt | 2 +- > tools/perf/design.txt | 3 +-- > 2 files changed, 2 insertions(+), 3 deletions(-) > > diff --git a/tools/perf/Documentation/perf-intel-pt.txt b/tools/perf/Documentation/perf-intel-pt.txt > index 456fdcbf26ac..176597be0755 100644 > --- a/tools/perf/Documentation/perf-intel-pt.txt > +++ b/tools/perf/Documentation/perf-intel-pt.txt > @@ -687,7 +687,7 @@ The v4.2 kernel introduced support for a context switch metadata event, > PERF_RECORD_SWITCH, which allows unprivileged users to see when their processes > are scheduled out and in, just not by whom, which is left for the > PERF_RECORD_SWITCH_CPU_WIDE, that is only accessible in system wide context, > -which in turn requires CAP_SYS_ADMIN. > +which in turn requires CAP_PERFMON. > > Please see the 45ac1403f564 ("perf: Add PERF_RECORD_SWITCH to indicate context > switches") commit, that introduces these metadata events for further info. > diff --git a/tools/perf/design.txt b/tools/perf/design.txt > index a42fab308ff6..6fd879440c40 100644 > --- a/tools/perf/design.txt > +++ b/tools/perf/design.txt > @@ -258,8 +258,7 @@ gets schedule to. Per task counters can be created by any user, for > their own tasks. > > A 'pid == -1' and 'cpu == x' counter is a per CPU counter that counts > -all events on CPU-x. Per CPU counters need CAP_PERFMON or CAP_SYS_ADMIN > -privilege. > +all events on CPU-x. Per CPU counters need CAP_PERFMON privilege. > > The 'flags' parameter is currently unused and must be zero. > > -- > 2.24.1 > >
On 23.04.2020 16:22, Arnaldo Carvalho de Melo wrote: > Em Wed, Apr 22, 2020 at 05:44:53PM +0300, Alexey Budankov escreveu: >> >> Substitute CAP_SYS_ADMIN with CAP_PERFMON in the docs where admin >> is mentioned. CAP_SYS_ADMIN still works in keeping with user space >> backward compatibility approach. > > Same issue as with the previous patch, the documentation is for the > tool, that may be used in older kernels, so we need to clarify that > CAP_PERFMON requires updating libcap and the kernel, if that isn't > possible, then CAP_SYS_ADMIN is needed. Then it is just extending of single mentioning of "CAP_SYS_ADMIN" with "CAP_PERFMON or CAP_SYS_ADMIN" where required. Thanks, Alexey
diff --git a/tools/perf/Documentation/perf-intel-pt.txt b/tools/perf/Documentation/perf-intel-pt.txt index 456fdcbf26ac..176597be0755 100644 --- a/tools/perf/Documentation/perf-intel-pt.txt +++ b/tools/perf/Documentation/perf-intel-pt.txt @@ -687,7 +687,7 @@ The v4.2 kernel introduced support for a context switch metadata event, PERF_RECORD_SWITCH, which allows unprivileged users to see when their processes are scheduled out and in, just not by whom, which is left for the PERF_RECORD_SWITCH_CPU_WIDE, that is only accessible in system wide context, -which in turn requires CAP_SYS_ADMIN. +which in turn requires CAP_PERFMON. Please see the 45ac1403f564 ("perf: Add PERF_RECORD_SWITCH to indicate context switches") commit, that introduces these metadata events for further info. diff --git a/tools/perf/design.txt b/tools/perf/design.txt index a42fab308ff6..6fd879440c40 100644 --- a/tools/perf/design.txt +++ b/tools/perf/design.txt @@ -258,8 +258,7 @@ gets schedule to. Per task counters can be created by any user, for their own tasks. A 'pid == -1' and 'cpu == x' counter is a per CPU counter that counts -all events on CPU-x. Per CPU counters need CAP_PERFMON or CAP_SYS_ADMIN -privilege. +all events on CPU-x. Per CPU counters need CAP_PERFMON privilege. The 'flags' parameter is currently unused and must be zero.
Substitute CAP_SYS_ADMIN with CAP_PERFMON in the docs where admin is mentioned. CAP_SYS_ADMIN still works in keeping with user space backward compatibility approach. Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com> --- tools/perf/Documentation/perf-intel-pt.txt | 2 +- tools/perf/design.txt | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-)