[PATCH v2 1/4] perf trace: substitute CAP_SYS_ADMIN with CAP_PERFMON in error message

Alexey Budankov alexey.budankov at linux.intel.com
Thu Apr 23 14:49:32 UTC 2020


On 23.04.2020 16:20, Arnaldo Carvalho de Melo wrote:
> Em Wed, Apr 22, 2020 at 05:44:02PM +0300, Alexey Budankov escreveu:
>>
>> Update error message to mention CAP_PERFMON only. CAP_SYS_ADMIN still
>> works in keeping with user space backward compatibility approach.
> 
> This will confuse users that build the latest perf to use in older
> systems where CAP_PERFMON isn't available, probably we need to, in these
> cases, check for the existence of CAP_PERFMON to provide a better
> warning message, something like:
> 
>   You need CAP_ADMIN or update your kernel and libcap to one that supports
>   CAP_PERFMON.
> 
> For systems without CAP_PERFMON, while mentioning only CAP_PERFMON for
> systems where it is present, right?

Right, but this ideal implementation requires more effort, so staying with
two caps in the message and letting users decide which one to use looks like
a good balance already. 

Thanks,
Alexey



More information about the Linux-security-module-archive mailing list