From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@redhat.com>, Andi Kleen <ak@linux.intel.com>,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v1] perf: extend message to mention CAP_SYS_PTRACE and perf security doc link
Date: Thu, 6 Aug 2020 09:14:55 -0300 [thread overview]
Message-ID: <20200806121455.GF16189@kernel.org> (raw)
In-Reply-To: <6f8a7425-6e7d-19aa-1605-e59836b9e2a6@linux.intel.com>
Em Wed, Aug 05, 2020 at 10:31:20AM +0300, Alexey Budankov escreveu:
>
> Adjust limited access message to mention CAP_SYS_PTRACE capability
> for processes of unprivileged users. Add link to perf security
> document in the end of the section about capabilities.
> The change has been inspired by this discussion:
> https://lore.kernel.org/lkml/20200722113007.GI77866@kernel.org/
Thanks, applied.
- Arnaldo
> Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
> ---
> tools/perf/util/evsel.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c
> index 9aa51a65593d..e241ee773ccb 100644
> --- a/tools/perf/util/evsel.c
> +++ b/tools/perf/util/evsel.c
> @@ -2500,8 +2500,10 @@ int evsel__open_strerror(struct evsel *evsel, struct target *target,
>
> return scnprintf(msg + printed, size - printed,
> "Consider adjusting /proc/sys/kernel/perf_event_paranoid setting to open\n"
> - "access to performance monitoring and observability operations for users\n"
> - "without CAP_PERFMON or CAP_SYS_ADMIN Linux capability.\n"
> + "access to performance monitoring and observability operations for processes\n"
> + "without CAP_PERFMON, CAP_SYS_PTRACE or CAP_SYS_ADMIN Linux capability.\n"
> + "More information can be found at 'Perf events and tool security' document:\n"
> + "https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html\n"
> "perf_event_paranoid setting is %d:\n"
> " -1: Allow use of (almost) all events by all users\n"
> " Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK\n"
> --
> 2.24.1
--
- Arnaldo
prev parent reply other threads:[~2020-08-06 17:32 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-05 7:31 [PATCH v1] perf: extend message to mention CAP_SYS_PTRACE and perf security doc link Alexey Budankov
2020-08-06 12:14 ` Arnaldo Carvalho de Melo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200806121455.GF16189@kernel.org \
--to=acme@kernel.org \
--cc=ak@linux.intel.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=alexey.budankov@linux.intel.com \
--cc=jolsa@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox