On Tue, 27 Oct 2020 at 18:10, Alexey Budankov <alexey.budankov@xxxxxxxxxxxxxxx> wrote: > > > On 27.10.2020 19:57, Michael Kerrisk (man-pages) wrote: > > Hello Alexey, > > > > On 10/27/20 5:48 PM, Alexey Budankov wrote: > >> > >> Extend perf_event_open 2 man page with the information about > >> CAP_PERFMON capability designed to secure performance monitoring > >> and observability operation in a system according to the principle > >> of least privilege [1] (POSIX IEEE 1003.1e, 2.2.2.39). > >> > >> [1] https://sites.google.com/site/fullycapable/, posix_1003.1e-990310.pdf > >> > >> Signed-off-by: Alexey Budankov <alexey.budankov@xxxxxxxxxxxxxxx> > > > > Thanks for this. I've applied. I have a few questions/comments below. > > > >> --- > >> man2/perf_event_open.2 | 32 ++++++++++++++++++++++++++++++-- > >> 1 file changed, 30 insertions(+), 2 deletions(-) > >> > >> diff --git a/man2/perf_event_open.2 b/man2/perf_event_open.2 > >> index 4827a359d..9810bc554 100644 > >> --- a/man2/perf_event_open.2 > >> +++ b/man2/perf_event_open.2 > >> @@ -97,6 +97,8 @@ when running on the specified CPU. > >> .BR "pid == \-1" " and " "cpu >= 0" > >> This measures all processes/threads on the specified CPU. > >> This requires > >> +.B CAP_PERFMON > >> +(since Linux 5.8) or > >> .B CAP_SYS_ADMIN > >> capability or a > >> .I /proc/sys/kernel/perf_event_paranoid 
> >> @@ -108,9 +110,11 @@ This setting is invalid and will return an error. > >> When > >> .I pid > >> is greater than zero, permission to perform this system call > >> -is governed by a ptrace access mode > >> +is governed by > >> +.B CAP_PERFMON > >> +(since Linux 5.9) and a ptrace access mode > > > > I want to check: did you really mean 5.9 here? (Everywhere else, > > 5.8 is mentioned, but perhaps this change came in the next kernel > > version.) > > Yes, it is not a typo. This thing was merged into v5.9. > > Thanks, > Alexei Thanks, Alexei! -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Linux/UNIX System Programming Training: http://man7.org/training/
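Review bot: In the first hunk (@@ -97,6 +97,8 @@), the resulting sentence chains "CAP_PERFMON (since Linux 5.8) or CAP_SYS_ADMIN capability or a /proc/sys/kernel/perf_event_paranoid ..." and gives the two capabilities equal standing. The commit message states a least-privilege aim, so consider saying here that CAP_PERFMON is the preferred capability on 5.8 and later and that CAP_SYS_ADMIN remains accepted, unless a part of the patch not quoted in this reply already says so.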
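Review bot: In the second hunk (@@ -108,9 +110,11 @@), "is governed by CAP_PERFMON (since Linux 5.9) and a ptrace access mode" does not say whether the capability is required in addition to passing the ptrace check or is an alternative to it, whereas the first hunk joins its alternatives with "or". Suggest wording that states the relationship explicitly. Because 5.9 here differs from the 5.8 in the first hunk, a short remark that the pid > 0 case gained CAP_PERFMON handling one release later would also keep a later editor from "correcting" the number.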