Em Wed, Aug 05, 2020 at 10:31:20AM +0300, Alexey Budankov escreveu: > > Adjust limited access message to mention CAP_SYS_PTRACE capability > for processes of unprivileged users. Add link to perf security > document in the end of the section about capabilities. > The change has been inspired by this discussion: > https://lore.kernel.org/lkml/20200722113007.gi77...@kernel.org/
Thanks, applied. - Arnaldo > Signed-off-by: Alexey Budankov <alexey.budan...@linux.intel.com> > --- > tools/perf/util/evsel.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c > index 9aa51a65593d..e241ee773ccb 100644 > --- a/tools/perf/util/evsel.c > +++ b/tools/perf/util/evsel.c > @@ -2500,8 +2500,10 @@ int evsel__open_strerror(struct evsel *evsel, struct > target *target, > > return scnprintf(msg + printed, size - printed, > "Consider adjusting /proc/sys/kernel/perf_event_paranoid > setting to open\n" > - "access to performance monitoring and observability operations > for users\n" > - "without CAP_PERFMON or CAP_SYS_ADMIN Linux capability.\n" > + "access to performance monitoring and observability operations > for processes\n" > + "without CAP_PERFMON, CAP_SYS_PTRACE or CAP_SYS_ADMIN Linux > capability.\n" > + "More information can be found at 'Perf events and tool > security' document:\n" > + > "https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html\n"; > "perf_event_paranoid setting is %d:\n" > " -1: Allow use of (almost) all events by all users\n" > " Ignore mlock limit after perf_event_mlock_kb without > CAP_IPC_LOCK\n" > -- > 2.24.1 -- - Arnaldo
