Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754749AbdCMTxH (ORCPT ); Mon, 13 Mar 2017 15:53:07 -0400 Received: from mail.kernel.org ([198.145.29.136]:35766 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754656AbdCMTwp (ORCPT ); Mon, 13 Mar 2017 15:52:45 -0400 Date: Mon, 13 Mar 2017 16:52:38 -0300 From: Arnaldo Carvalho de Melo To: Hari Bathini Cc: ast@fb.com, peterz@infradead.org, lkml , alexander.shishkin@linux.intel.com, Ingo Molnar , daniel@iogearbox.net, rostedt@goodmis.org, Ananth N Mavinakayanahalli , ebiederm@xmission.com, sargun@sargun.me, Aravinda Prasad , brendan.d.gregg@gmail.com, jolsa@redhat.com Subject: Re: [PATCH v8 1/6] perf: Add PERF_RECORD_NAMESPACES to include namespaces related info Message-ID: <20170313195238.GA3089@kernel.org> References: <148891921533.25309.8328657213311313206.stgit@hbathini.in.ibm.com> <148891929686.25309.2827618988917007768.stgit@hbathini.in.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <148891929686.25309.2827618988917007768.stgit@hbathini.in.ibm.com> X-Url: http://acmel.wordpress.com User-Agent: Mutt/1.7.1 (2016-10-04) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1388 Lines: 46 Em Wed, Mar 08, 2017 at 02:11:36AM +0530, Hari Bathini escreveu: > @@ -9691,6 +9825,11 @@ SYSCALL_DEFINE5(perf_event_open, > return -EACCES; > } > > + if (attr.namespaces) { > + if (!capable(CAP_SYS_ADMIN)) > + return -EACCES; > + } > + So, testing the first tooling patch I get: [acme@jouet linux]$ perf record --namespaces ls Error: You may not have permission to collect stats. Consider tweaking /proc/sys/kernel/perf_event_paranoid, which controls use of the performance events system by unprivileged users (without CAP_SYS_ADMIN). The current value is 2: -1: Allow use of (almost) all events by all users >= 0: Disallow raw tracepoint access by users without CAP_IOC_LOCK >= 1: Disallow CPU event access by users without CAP_SYS_ADMIN >= 2: Disallow kernel profiling by users without CAP_SYS_ADMIN To make this setting permanent, edit /etc/sysctl.conf too, e.g.: kernel.perf_event_paranoid = -1 [acme@jouet linux]$ ----------------------- 8< --------------------------------------- So this specific case is not related to perf_event_paranoid, we need to improve error handling here, i.e. see attr.namespaces, !CAP_SYS_ADMIN, -EACCESS at sys_perf_event_open() -> better error message. And perhaps we make an extra check about perf_event_paranoid... Ingo? Peter? Can be done as a follow up patch tho, just adding entry to the collective TODO list. - Arnaldo