From 4b0297ef8a4ecd56ec105e49752d1378e4f8a2f4 Mon Sep 17 00:00:00 2001 From: Alexey Budankov Date: Wed, 5 Aug 2020 10:31:20 +0300 Subject: perf evsel: Extend message to mention CAP_SYS_PTRACE and perf security doc link Adjust limited access message to mention CAP_SYS_PTRACE capability for processes of unprivileged users. Add link to perf security document in the end of the section about capabilities. The change has been inspired by this discussion: https://lore.kernel.org/lkml/20200722113007.GI77866@kernel.org/ Signed-off-by: Alexey Budankov Cc: Alexander Shishkin Cc: Andi Kleen Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lore.kernel.org/lkml/6f8a7425-6e7d-19aa-1605-e59836b9e2a6@linux.intel.com Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/evsel.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c index b1845f799d81..fd865002cbbd 100644 --- a/tools/perf/util/evsel.c +++ b/tools/perf/util/evsel.c @@ -2502,8 +2502,10 @@ int evsel__open_strerror(struct evsel *evsel, struct target *target, return scnprintf(msg + printed, size - printed, "Consider adjusting /proc/sys/kernel/perf_event_paranoid setting to open\n" - "access to performance monitoring and observability operations for users\n" - "without CAP_PERFMON or CAP_SYS_ADMIN Linux capability.\n" + "access to performance monitoring and observability operations for processes\n" + "without CAP_PERFMON, CAP_SYS_PTRACE or CAP_SYS_ADMIN Linux capability.\n" + "More information can be found at 'Perf events and tool security' document:\n" + "https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html\n" "perf_event_paranoid setting is %d:\n" " -1: Allow use of (almost) all events by all users\n" " Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK\n" -- cgit v1.2.3