Sysctl: kernel.perf_event_paranoid
This sysctl key controls the use of the performance events system. It restricts what actions an unprivileged user can do when using the perf tools. This setting is useful to limit the access to possibly sensitive information that can be gathered from the kernel and processes.
Debian-based systems may have higher numbers available than the current upper limit of 2, which is also the default value.
Values
| Value | Description |
|---|---|
| -1 | Allow use of (almost) all events by all users. Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK. |
| >=0 | Disallow ftrace function tracepoint by users without CAP_SYS_ADMIN. Disallow raw tracepoint access by users without CAP_SYS_ADMIN. |
| >=1 | Disallow CPU event access by users without CAP_SYS_ADMIN. |
| >=2 | Disallow kernel profiling by users without CAP_SYS_ADMIN. |
Show current value
The value of the kernel.perf_event_paranoid can be retrieved using the sysctl command.
sysctl kernel.perf_event_paranoidor using the proc file system:
sysctl /proc/sys/kernel/perf_event_paranoidConfigure new value
To apply a new value, use the option --write, followed by the key and value.
sysctl --write kernel.perf_event_paranoid=NEWVALUETo ensure that these changes are also applied during the next boot, add them to a configuration file, typically something like /etc/sysctl.d/99-custom.conf.
