perf-security.rst - OpenGrok cross reference for /kernel/linux/linux-5.10/Documentation/admin-guide/perf-security.rst

Lines Matching +full:secure +full:- +full:regions
7 --------
50 -------------------------------
66 independently enabled and disabled on per-thread basis for processes and
74 observability operations in the kernel and provides a secure approach to
79 processes but CAP_SYS_ADMIN usage for secure monitoring and observability
84 is recommended as the preferred secure approach to resolve double access
100 ---------------------------------
102 Mechanisms of capabilities, privileged capability-dumb files [6]_ and
115    # ls -alhF
116    -rwxr-xr-x  2 root root  11M Oct 19 15:12 perf
118    # ls -alhF
119    -rwxr-xr-x  2 root perf_users  11M Oct 19 15:12 perf
120    # chmod o-rwx perf
121    # ls -alhF
122    -rwxr-x---  2 root perf_users  11M Oct 19 15:12 perf
131    # setcap -v "cap_perfmon,cap_sys_ptrace,cap_syslog=ep" perf
144 'perf top', alternatively use 'perf top -m N', to reduce the memory that
153   # perf top -e cycles
167 -----------------------------------
172 -1:
174      performance monitoring. Per-user per-cpu perf_event_mlock_kb [2]_
176      performance data. This is the least secure mode since allowed
181      *scope* includes per-process and system wide performance monitoring
185      analysis. Per-user per-cpu perf_event_mlock_kb locking limit is
190      *scope* includes per-process performance monitoring only and
193      monitored and captured for later analysis. Per-user per-cpu
198      *scope* includes per-process performance monitoring only. CPU and
200      monitored and captured for later analysis. Per-user per-cpu
205 ---------------------------------
211 every configured PMU event. Open file descriptors are a per-process
213 (ulimit -n), which is usually derived from the login shell process. When
216 configuration. RLIMIT_NOFILE limit can be increased on per-user basis
228 per-cpu limits of memory allowed for mapping by the user processes to
230 RLIMIT_MEMLOCK [11]_ limit, but only for memory regions mapped
235 4128 KiB of memory above the RLIMIT_MEMLOCK limit (ulimit -l) for
239 monitoring processes, for example, using the --mmap-pages Perf record
251 ------------
254 .. [2] `<http://man7.org/linux/man-pages/man2/perf_event_open.2.html>`_
258 .. [6] `<http://man7.org/linux/man-pages/man7/capabilities.7.html>`_
259 .. [7] `<http://man7.org/linux/man-pages/man2/ptrace.2.html>`_
261 .. [9] `<https://en.wikipedia.org/wiki/Model-specific_register>`_
262 .. [10] `<http://man7.org/linux/man-pages/man5/acl.5.html>`_
263 .. [11] `<http://man7.org/linux/man-pages/man2/getrlimit.2.html>`_
264 .. [12] `<http://man7.org/linux/man-pages/man5/limits.conf.5.html>`_
266 .. [14] `<http://man7.org/linux/man-pages/man8/auditd.8.html>`_