I'd like to use the perf utility. I was following instructions to set up a privileged group of users who are permitted to execute performance monitoring and observability without limits (as instructed here: https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html) . I added the group and limited access to users not in the group. I started having problems when assigning capabilities to the perf tool:
setcap cap_sys_admin,cap_sys_ptrace,cap_syslog=ep perffatal error: Invalid argument
usage: setcap [-q] [-v] [-n ] (-r|-|) [ ... (-r|-|) ]
Note must be a regular (non-symlink) file.stats perf gives me this
File: ./perf
Size: 1622 Blocks: 8 IO Block: 4096 regular file
Device: 10307h/66311d Inode: 35260925 Links: 1
Access: (0750/-rwxr-x---) Uid: ( 0/ root) Gid: ( 1001/perf_users)
Access: 2021-12-03 13:08:48.923220351 +0100
Modify: 2021-11-05 17:02:56.000000000 +0100
Change: 2021-12-03 12:31:49.451991980 +0100
Birth: -strace setcap cap_sys_admin,cap_sys_ptrace,cap_syslog=ep perf:
munmap(0x7f825054c000, 90581) = 0
prctl(PR_CAPBSET_READ, CAP_MAC_OVERRIDE) = 1
prctl(PR_CAPBSET_READ, 0x30 /* CAP_??? */) = -1 EINVAL (Invalid argument)
prctl(PR_CAPBSET_READ, 0x28 /* CAP_??? */) = 1
prctl(PR_CAPBSET_READ, 0x2c /* CAP_??? */) = -1 EINVAL (Invalid argument)
prctl(PR_CAPBSET_READ, 0x2a /* CAP_??? */) = -1 EINVAL (Invalid argument)
prctl(PR_CAPBSET_READ, 0x29 /* CAP_??? */) = -1 EINVAL (Invalid argument)
brk(NULL) = 0x55de3e858000
brk(0x55de3e879000) = 0x55de3e879000
capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, NULL) = 0
capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=0, permitted=0, inheritable=0}) = 0
capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, NULL) = 0
capset({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=1<
Asked by levente.nas
(133 rep)
Dec 3, 2021, 01:07 PM
Last activity: Mar 29, 2024, 07:25 PM
Last activity: Mar 29, 2024, 07:25 PM