Public bug reported: I am trying to run node_exporter without root, with cap_perfmon and --collector.perf as well as --collector.perf.hardware-profilers=CpuCycles,CpuInstr. Expected behavior: node_exporter exports instructions and cpu cycle metrics Actual behavior: no perf metrics
version: Ubuntu 6.8.0-87.88-generic 6.8.12 Ubuntu carries a patch that introduces a new security level for perf events: perf_event_paranoid=4 This patch limits calling the perf open syscall to processes with CAP_SYS_ADMIN. This patch is from ~2016. Example commit for resolute: https://git.launchpad.net/~canonical- kernel/ubuntu/+source/linux- aws/+git/resolute/commit/kernel/events/core.c?id=eaa91347f6f8112c5c567f93123bfe3b82bd1593 In 2020 a new capability was introduced, CAP_PERFMON, that should be sufficient for using perf. The code now checks with perfmon_capable() if the process has CAP_SYS_ADMIN _or_ CAP_PERFMON. I am trying to get cpu hardware metrics with CAP_PERFMON but can't. Looking at the commit message, timing and effect I think the introduction of CAP_PERFMON was missed The patch > + if (perf_paranoid_any() && !capable(CAP_SYS_ADMIN)) > + return -EACCES; should probably be > + if (perf_paranoid_any() && !perfmon_capable()) > + return -EACCES; ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: linux-image-6.8.0-87-generic 6.8.0-87.88 ProcVersionSignature: Ubuntu 6.8.0-87.88-generic 6.8.12 Uname: Linux 6.8.0-87-generic x86_64 ApportVersion: 2.28.1-0ubuntu3.8 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: rtreffer 2521 F.... wireplumber /dev/snd/seq: rtreffer 2519 F.... pipewire CRDA: N/A CasperMD5CheckResult: pass Date: Mon Nov 10 21:46:59 2025 InstallationDate: Installed on 2025-11-08 (2 days ago) InstallationMedia: Ubuntu-Server 24.04.3 LTS "Noble Numbat" - Release amd64 (20250805.1) IwConfig: lo no wireless extensions. enp1s0 no wireless extensions. Lsusb: Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 002: ID 08e6:4433 Gemalto (was Gemplus) GemPC433-Swap Bus 001 Device 003: ID 0627:0001 Adomax Technology Co., Ltd QEMU Tablet Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Lsusb-t: /: Bus 001.Port 001: Dev 001, Class=root_hub, Driver=xhci_hcd/15p, 480M |__ Port 001: Dev 002, If 0, Class=Chip/SmartCard, Driver=[none], 12M |__ Port 002: Dev 003, If 0, Class=Human Interface Device, Driver=usbhid, 480M /: Bus 002.Port 001: Dev 001, Class=root_hub, Driver=xhci_hcd/15p, 5000M MachineType: QEMU Standard PC (Q35 + ICH9, 2009) ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color ProcFB: 0 virtio_gpudrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-6.8.0-87-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro RelatedPackageVersions: linux-restricted-modules-6.8.0-87-generic N/A linux-backports-modules-6.8.0-87-generic N/A linux-firmware 20240318.git3b128b60-0ubuntu2.19 RfKill: SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 10/08/2025 dmi.bios.release: 0.0 dmi.bios.vendor: Ubuntu distribution of EDK II dmi.bios.version: 2025.02-8ubuntu3 dmi.chassis.type: 1 dmi.chassis.vendor: QEMU dmi.chassis.version: pc-q35-10.1 dmi.modalias: dmi:bvnUbuntudistributionofEDKII:bvr2025.02-8ubuntu3:bd10/08/2025:br0.0:svnQEMU:pnStandardPC(Q35+ICH9,2009):pvrpc-q35-10.1:cvnQEMU:ct1:cvrpc-q35-10.1:sku: dmi.product.name: Standard PC (Q35 + ICH9, 2009) dmi.product.version: pc-q35-10.1 dmi.sys.vendor: QEMU ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug noble -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2131046 Title: CAP_PERFMON insufficient to get perf data To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2131046/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
