Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754749AbdCMTxH (ORCPT <rfc822;w@1wt.eu>);
        Mon, 13 Mar 2017 15:53:07 -0400
Received: from mail.kernel.org ([198.145.29.136]:35766 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1754656AbdCMTwp (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 13 Mar 2017 15:52:45 -0400
Date: Mon, 13 Mar 2017 16:52:38 -0300
From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Hari Bathini <hbathini@linux.vnet.ibm.com>
Cc: ast@fb.com, peterz@infradead.org, lkml <linux-kernel@vger.kernel.org>,
        alexander.shishkin@linux.intel.com, Ingo Molnar <mingo@kernel.org>,
        daniel@iogearbox.net, rostedt@goodmis.org,
        Ananth N Mavinakayanahalli <ananth@linux.vnet.ibm.com>,
        ebiederm@xmission.com, sargun@sargun.me,
        Aravinda Prasad <aravinda@linux.vnet.ibm.com>,
        brendan.d.gregg@gmail.com, jolsa@redhat.com
Subject: Re: [PATCH v8 1/6] perf: Add PERF_RECORD_NAMESPACES to include
 namespaces related info
Message-ID: <20170313195238.GA3089@kernel.org>
References: <148891921533.25309.8328657213311313206.stgit@hbathini.in.ibm.com>
 <148891929686.25309.2827618988917007768.stgit@hbathini.in.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <148891929686.25309.2827618988917007768.stgit@hbathini.in.ibm.com>
X-Url: http://acmel.wordpress.com
User-Agent: Mutt/1.7.1 (2016-10-04)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1388
Lines: 46

Em Wed, Mar 08, 2017 at 02:11:36AM +0530, Hari Bathini escreveu:
> @@ -9691,6 +9825,11 @@ SYSCALL_DEFINE5(perf_event_open,
>  			return -EACCES;
>  	}
>  
> +	if (attr.namespaces) {
> +		if (!capable(CAP_SYS_ADMIN))
> +			return -EACCES;
> +	}
> +

So, testing the first tooling patch I get:

[acme@jouet linux]$ perf record --namespaces ls
Error:
You may not have permission to collect stats.

Consider tweaking /proc/sys/kernel/perf_event_paranoid,
which controls use of the performance events system by
unprivileged users (without CAP_SYS_ADMIN).

The current value is 2:

  -1: Allow use of (almost) all events by all users
>= 0: Disallow raw tracepoint access by users without CAP_IOC_LOCK
>= 1: Disallow CPU event access by users without CAP_SYS_ADMIN
>= 2: Disallow kernel profiling by users without CAP_SYS_ADMIN

To make this setting permanent, edit /etc/sysctl.conf too, e.g.:

	kernel.perf_event_paranoid = -1

[acme@jouet linux]$

----------------------- 8< ---------------------------------------

So this specific case is not related to perf_event_paranoid, we need to
improve error handling here, i.e. see attr.namespaces, !CAP_SYS_ADMIN,
-EACCESS at sys_perf_event_open() -> better error message.

And perhaps we make an extra check about perf_event_paranoid... Ingo? Peter?

Can be done as a follow up patch tho, just adding entry to the collective TODO
list.

- Arnaldo