[PATCH v2 1/4] perf trace: substitute CAP_SYS_ADMIN with CAP_PERFMON in error message
Arnaldo Carvalho de Melo
arnaldo.melo at gmail.com
Thu Apr 23 18:10:30 UTC 2020
Em Thu, Apr 23, 2020 at 05:49:32PM +0300, Alexey Budankov escreveu:
>
> On 23.04.2020 16:20, Arnaldo Carvalho de Melo wrote:
> > Em Wed, Apr 22, 2020 at 05:44:02PM +0300, Alexey Budankov escreveu:
> >>
> >> Update error message to mention CAP_PERFMON only. CAP_SYS_ADMIN still
> >> works in keeping with user space backward compatibility approach.
> >
> > This will confuse users that build the latest perf to use in older
> > systems where CAP_PERFMON isn't available, probably we need to, in these
> > cases, check for the existence of CAP_PERFMON to provide a better
> > warning message, something like:
> >
> > You need CAP_ADMIN or update your kernel and libcap to one that supports
> > CAP_PERFMON.
> >
> > For systems without CAP_PERFMON, while mentioning only CAP_PERFMON for
> > systems where it is present, right?
>
> Right, but this ideal implementation requires more effort, so staying with
> two caps in the message and letting users decide which one to use looks like
> a good balance already.
Agreed.
- Arnaldo
More information about the Linux-security-module-archive
mailing list