Lines Matching +full:group +full:- +full:index +full:- +full:bits

7 --------
50 -------------------------------
62 effective GID, and supplementary group list).
66 independently enabled and disabled on per-thread basis for processes and
103 ---------------------------------
105 Mechanisms of capabilities, privileged capability-dumb files [6]_,
111 1. Create perf_users group of privileged Perf users, assign perf_users
112    group to Perf tool executable and limit access to the executable for
113    other users in the system who are not in the perf_users group:
118    # ls -alhF
119    -rwxr-xr-x  2 root root  11M Oct 19 15:12 perf
121    # ls -alhF
122    -rwxr-xr-x  2 root perf_users  11M Oct 19 15:12 perf
123    # chmod o-rwx perf
124    # ls -alhF
125    -rwxr-x---  2 root perf_users  11M Oct 19 15:12 perf
128    enable members of perf_users group with monitoring and observability
134    # setcap -v "cap_perfmon,cap_sys_ptrace,cap_syslog=ep" perf
147 'perf top', alternatively use 'perf top -m N', to reduce the memory that
156   # perf top -e cycles
160 As a result, members of perf_users group are capable of conducting
172 utility for members of perf_users group only. In order to create such
177    process, lock the process security bits after enabling SECBIT_NO_SETUID_FIXUP,
178    SECBIT_NOROOT and SECBIT_NO_CAP_AMBIENT_RAISE bits and then change
180    be a member of perf_users group:
184    # ls -alh /usr/local/bin/perf.shell
185    -rwxr-xr-x. 1 root root 83 Oct 13 23:57 /usr/local/bin/perf.shell
187    exec /usr/sbin/capsh --iab=^cap_perfmon --secbits=239 --user=$SUDO_USER -- -l
189 2. Extend sudo policy at /etc/sudoers file with a rule for perf_users group:
196 3. Check that members of perf_users group have access to the privileged
203 …ups=1004(capsh_test),1000(perf_users) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
212   $ capsh --decode=0000004000000000
215 As a result, members of perf_users group have access to the privileged
224 -----------------------------------
229 -1:
231      performance monitoring. Per-user per-cpu perf_event_mlock_kb [2]_
238      *scope* includes per-process and system wide performance monitoring
242      analysis. Per-user per-cpu perf_event_mlock_kb locking limit is
247      *scope* includes per-process performance monitoring only and
250      monitored and captured for later analysis. Per-user per-cpu
255      *scope* includes per-process performance monitoring only. CPU and
257      monitored and captured for later analysis. Per-user per-cpu
262 ---------------------------------
268 every configured PMU event. Open file descriptors are a per-process
270 (ulimit -n), which is usually derived from the login shell process. When
273 configuration. RLIMIT_NOFILE limit can be increased on per-user basis
285 per-cpu limits of memory allowed for mapping by the user processes to
292 4128 KiB of memory above the RLIMIT_MEMLOCK limit (ulimit -l) for
296 monitoring processes, for example, using the --mmap-pages Perf record
308 ------------
311 .. [2] `<http://man7.org/linux/man-pages/man2/perf_event_open.2.html>`_
313 .. [4] `<https://perf.wiki.kernel.org/index.php/Main_Page>`_
315 .. [6] `<http://man7.org/linux/man-pages/man7/capabilities.7.html>`_
316 .. [7] `<http://man7.org/linux/man-pages/man2/ptrace.2.html>`_
318 .. [9] `<https://en.wikipedia.org/wiki/Model-specific_register>`_
319 .. [10] `<http://man7.org/linux/man-pages/man5/acl.5.html>`_
320 .. [11] `<http://man7.org/linux/man-pages/man2/getrlimit.2.html>`_
321 .. [12] `<http://man7.org/linux/man-pages/man5/limits.conf.5.html>`_
323 .. [14] `<http://man7.org/linux/man-pages/man8/auditd.8.html>`_
324 .. [15] `<https://man7.org/linux/man-pages/man8/sudo.8.html>`_