capabilities.7: Add CAP_PERFMON

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-06-12 11:50:57 +02:00 · 2020-06-12 11:50:57 +02:00 · e39e42409d
parent 0071462373
commit e39e42409d
1 changed files with 19 additions and 2 deletions
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@ -265,6 +265,23 @@ bind to any address for transparent proxying.
 .PD
 .\" Also various IP options and setsockopt(SO_BINDTODEVICE)
 .TP
+.BR CAP_PERFMON " (since Linux 5.8)"
+Employ various performance-monitoring mechanisms, including:
+.PD 0
+.RS
+.IP *2
+call
+.BR perf_event_open (2);
+.IP *
+employ various BPF operations that have performance implications.
+.RE
+.PD
+.IP
+This capability was added in Linux 5.8 to separate out
+performance monitoring functionality from the overloaded
+.BR CAP_SYS_ADMIN
+capability.
+.TP
 .B CAP_SETGID
 .RS
 .PD 0
@ -399,8 +416,8 @@ and
 (but, since Linux 3.8,
 creating user namespaces does not require any capability);
 .IP *
-call
-.BR perf_event_open (2);
+employ various performance monitoring mechanisms (as for
+.BR CAP_PERFMON );
 .IP *
 access privileged
 .I perf