Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp1572508pxa; Thu, 6 Aug 2020 10:33:27 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwCA4eBm6VgI6wPak4FYiNZJgVRftzcBi19Z+5f1Uo/EbyXivIIgSU4PUnfkpvsk4zD9XnY X-Received: by 2002:a17:906:38d8:: with SMTP id r24mr5200365ejd.341.1596735207117; Thu, 06 Aug 2020 10:33:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596735207; cv=none; d=google.com; s=arc-20160816; b=ydCPXbk8EylG+peLqzEl6Jd2ik2zUSTOYC/GlDI2YZLtQysd6Aymolc2Rer9jqy9vq NxDOVBCvTVGQublys2pqcqQSkgCnS0Nk9L6L8uOjg+KHFSNwrpV8eyxEK9VuAbY5usxp t1lEdVws1fGgy9bXBtaisqmsbFv8FAkDhMPYFmJFmPIcI2mohI5KWtLdfpS/fTCQw1uy HnbiZpVW0FRGJ/mSRICSYp7qj6meXYiwmCLNzY0wOvBJdkjyKmB8U3tI+y2tPw0Nd2Nm vivEzAg1vMNegi7ri9wJeHE01EjhfowhOMHrD4ZolLBlhZBO7mtQpqBQRHT4gPop/C0t /CQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=ac5r/tkoGjGS7GzaIKrqE7A+G+t3YhEHJNaaz+Q8v/g=; b=hrxAVpmb0qGBR0joPuYO23c+Rwu4OAOO/7q41zv7tF/l2Ts09gAchvyqYphcgsaWxH wQfhqfX7lNV9FQjdWf3Zv0DKA/rpAftJf56m4OdbLuESs9f8q2VX8nOwtGweHthanESt EbptiAHEBgC0q0KpEwgNurHSWZNiBhFIhBm4DT9it+PUHaJWkimBjb3rXyJIhJhHwmkm 8OAlqaTFgmDHuC91ueKWdng5HWeP+GYqXq3afNUAR9wln+rrS5gl7EeXmkLMGpON8rxe qmC9RwVM3mO8IOdVjBR8dAUSJA6y1ouehHRbgatRK2ktrfQClSMqywDUdMciIc8s35Ay Nz3g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=zRVBf93R; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dm22si4530614ejc.191.2020.08.06.10.33.04; Thu, 06 Aug 2020 10:33:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=zRVBf93R; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730411AbgHFRcm (ORCPT + 99 others); Thu, 6 Aug 2020 13:32:42 -0400 Received: from mail.kernel.org ([198.145.29.99]:55502 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730021AbgHFRcF (ORCPT ); Thu, 6 Aug 2020 13:32:05 -0400 Received: from quaco.ghostprotocols.net (unknown [179.162.129.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 48A1D22D70; Thu, 6 Aug 2020 12:14:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596716098; bh=m16MT79olmaa7abBr/5LqaDwmt0YlsS+xqXWUX0QNaE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=zRVBf93Ri71TRAetiYxoE8JIOQrmypZHCdqTW4lW9X2BdGGR2qAkpDq5FhayVAXsf RA5zLJ/ll6jmZd/C0WixhECssjCV0VDOu0joM8KTTJRTXQpIkP91HS6fQOg2RI94Rw uQ9pCfYblkm8+NeuH+bhopH9+4ZroK2dkJdt9Ljg= Received: by quaco.ghostprotocols.net (Postfix, from userid 1000) id D393D40524; Thu, 6 Aug 2020 09:14:55 -0300 (-03) Date: Thu, 6 Aug 2020 09:14:55 -0300 From: Arnaldo Carvalho de Melo To: Alexey Budankov Cc: Jiri Olsa , Namhyung Kim , Alexander Shishkin , Peter Zijlstra , Ingo Molnar , Andi Kleen , linux-kernel Subject: Re: [PATCH v1] perf: extend message to mention CAP_SYS_PTRACE and perf security doc link Message-ID: <20200806121455.GF16189@kernel.org> References: <6f8a7425-6e7d-19aa-1605-e59836b9e2a6@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6f8a7425-6e7d-19aa-1605-e59836b9e2a6@linux.intel.com> X-Url: http://acmel.wordpress.com Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Em Wed, Aug 05, 2020 at 10:31:20AM +0300, Alexey Budankov escreveu: > > Adjust limited access message to mention CAP_SYS_PTRACE capability > for processes of unprivileged users. Add link to perf security > document in the end of the section about capabilities. > The change has been inspired by this discussion: > https://lore.kernel.org/lkml/20200722113007.GI77866@kernel.org/ Thanks, applied. - Arnaldo > Signed-off-by: Alexey Budankov > --- > tools/perf/util/evsel.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c > index 9aa51a65593d..e241ee773ccb 100644 > --- a/tools/perf/util/evsel.c > +++ b/tools/perf/util/evsel.c > @@ -2500,8 +2500,10 @@ int evsel__open_strerror(struct evsel *evsel, struct target *target, > > return scnprintf(msg + printed, size - printed, > "Consider adjusting /proc/sys/kernel/perf_event_paranoid setting to open\n" > - "access to performance monitoring and observability operations for users\n" > - "without CAP_PERFMON or CAP_SYS_ADMIN Linux capability.\n" > + "access to performance monitoring and observability operations for processes\n" > + "without CAP_PERFMON, CAP_SYS_PTRACE or CAP_SYS_ADMIN Linux capability.\n" > + "More information can be found at 'Perf events and tool security' document:\n" > + "https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html\n" > "perf_event_paranoid setting is %d:\n" > " -1: Allow use of (almost) all events by all users\n" > " Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK\n" > -- > 2.24.1 -- - Arnaldo