[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lmi-commits] [lmi] master f94663e: Add a script that's not ready to use
|
From: |
Greg Chicares |
|
Subject: |
[lmi-commits] [lmi] master f94663e: Add a script that's not ready to use |
|
Date: |
Tue, 29 Sep 2020 05:02:28 -0400 (EDT) |
branch: master
commit f94663e929a4ed031211672583d4e29f6109c3ff
Author: Gregory W. Chicares <gchicares@sbcglobal.net>
Commit: Gregory W. Chicares <gchicares@sbcglobal.net>
Add a script that's not ready to use
Committing it to a personal subdirectory seemed better than discarding
it.
---
gwc/allow_perf.sh | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
diff --git a/gwc/allow_perf.sh b/gwc/allow_perf.sh
new file mode 100755
index 0000000..d5dfd9c
--- /dev/null
+++ b/gwc/allow_perf.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+# Allow 'perf' to be run by members of a certain group.
+
+# Copyright (C) 2020 Gregory W. Chicares.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+#
+# https://savannah.nongnu.org/projects/lmi
+# email: <gchicares@sbcglobal.net>
+# snail: Chicares, 186 Belle Woods Drive, Glastonbury CT 06033, USA
+
+# The copyright notice above is pro forma only. This is all based on:
+# https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html
+
+# This may become useful someday, but for now...
+exit 9
+
+cd /usr/bin || { printf 'failed: cd\n'; exit 3; }
+groupadd perf_users
+chgrp perf_users perf
+chmod o-rwx perf
+ls -l perf
+# if "cap_perfmon" is supported:
+# setcap "cap_perfmon,cap_sys_ptrace,cap_syslog=ep" perf
+# setcap -v "cap_perfmon,cap_sys_ptrace,cap_syslog=ep" perf
+# otherwise:
+setcap "38,cap_ipc_lock,cap_sys_ptrace,cap_syslog=ep" perf
+setcap -v "38,cap_ipc_lock,cap_sys_ptrace,cap_syslog=ep" perf
+getcap perf
+
+echo "usermod -aG perf_users SomeUserName"
+
+# To use the new capabilities without logging out and back in:
+# newgrp perf_users
+# but see:
+# https://lists.nongnu.org/archive/html/lmi/2020-09/msg00073.html
+
+# Disliked alternative:
+# echo 1 >/proc/sys/kernel/perf_event_paranoid
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [lmi-commits] [lmi] master f94663e: Add a script that's not ready to use,
Greg Chicares <=