From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Hari Bathini <hbathini@linux.vnet.ibm.com>
Cc: ast@fb.com, peterz@infradead.org,
lkml <linux-kernel@vger.kernel.org>,
alexander.shishkin@linux.intel.com,
Ingo Molnar <mingo@kernel.org>,
daniel@iogearbox.net, rostedt@goodmis.org,
Ananth N Mavinakayanahalli <ananth@linux.vnet.ibm.com>,
ebiederm@xmission.com, sargun@sargun.me,
Aravinda Prasad <aravinda@linux.vnet.ibm.com>,
brendan.d.gregg@gmail.com, jolsa@redhat.com
Subject: Re: [PATCH v8 1/6] perf: Add PERF_RECORD_NAMESPACES to include namespaces related info
Date: Mon, 13 Mar 2017 16:52:38 -0300 [thread overview]
Message-ID: <20170313195238.GA3089@kernel.org> (raw)
In-Reply-To: <148891929686.25309.2827618988917007768.stgit@hbathini.in.ibm.com>
Em Wed, Mar 08, 2017 at 02:11:36AM +0530, Hari Bathini escreveu:
> @@ -9691,6 +9825,11 @@ SYSCALL_DEFINE5(perf_event_open,
> return -EACCES;
> }
>
> + if (attr.namespaces) {
> + if (!capable(CAP_SYS_ADMIN))
> + return -EACCES;
> + }
> +
So, testing the first tooling patch I get:
[acme@jouet linux]$ perf record --namespaces ls
Error:
You may not have permission to collect stats.
Consider tweaking /proc/sys/kernel/perf_event_paranoid,
which controls use of the performance events system by
unprivileged users (without CAP_SYS_ADMIN).
The current value is 2:
-1: Allow use of (almost) all events by all users
>= 0: Disallow raw tracepoint access by users without CAP_IOC_LOCK
>= 1: Disallow CPU event access by users without CAP_SYS_ADMIN
>= 2: Disallow kernel profiling by users without CAP_SYS_ADMIN
To make this setting permanent, edit /etc/sysctl.conf too, e.g.:
kernel.perf_event_paranoid = -1
[acme@jouet linux]$
----------------------- 8< ---------------------------------------
So this specific case is not related to perf_event_paranoid, we need to
improve error handling here, i.e. see attr.namespaces, !CAP_SYS_ADMIN,
-EACCESS at sys_perf_event_open() -> better error message.
And perhaps we make an extra check about perf_event_paranoid... Ingo? Peter?
Can be done as a follow up patch tho, just adding entry to the collective TODO
list.
- Arnaldo
next prev parent reply other threads:[~2017-03-13 19:53 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-07 20:41 [PATCH v8 0/6] perf: Add support for analyzing events for containers Hari Bathini
2017-03-07 20:41 ` [PATCH v8 1/6] perf: Add PERF_RECORD_NAMESPACES to include namespaces related info Hari Bathini
2017-03-13 19:52 ` Arnaldo Carvalho de Melo [this message]
2017-03-15 18:39 ` [tip:perf/core] " tip-bot for Hari Bathini
2017-03-07 20:41 ` [PATCH v8 2/6] perf tools: " Hari Bathini
2017-03-15 18:39 ` [tip:perf/core] " tip-bot for Hari Bathini
2017-03-07 20:41 ` [PATCH v8 3/6] perf record: Synthesize namespace events for current processes Hari Bathini
2017-03-14 13:34 ` Arnaldo Carvalho de Melo
2017-03-15 18:40 ` [tip:perf/core] " tip-bot for Hari Bathini
2017-03-07 20:41 ` [PATCH v8 4/6] perf tools: Add print support for namespace events Hari Bathini
2017-03-14 14:29 ` Arnaldo Carvalho de Melo
2017-03-07 20:42 ` [PATCH v8 5/6] perf script: Add script " Hari Bathini
2017-03-15 18:40 ` [tip:perf/core] " tip-bot for Hari Bathini
2017-03-07 20:42 ` [PATCH v8 6/6] perf tools: Add cgroup identifier sort order keyword Hari Bathini
2017-03-15 18:41 ` [tip:perf/core] perf tools: Add 'cgroup_id' " tip-bot for Hari Bathini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170313195238.GA3089@kernel.org \
--to=acme@kernel.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=ananth@linux.vnet.ibm.com \
--cc=aravinda@linux.vnet.ibm.com \
--cc=ast@fb.com \
--cc=brendan.d.gregg@gmail.com \
--cc=daniel@iogearbox.net \
--cc=ebiederm@xmission.com \
--cc=hbathini@linux.vnet.ibm.com \
--cc=jolsa@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=sargun@sargun.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.