capabilities.7: Add CAP_PERFMON

author Michael Kerrisk <mtk.manpages@gmail.com>

Fri, 12 Jun 2020 09:50:57 +0000 (11:50 +0200)

committer Michael Kerrisk <mtk.manpages@gmail.com>

Fri, 12 Jun 2020 11:52:22 +0000 (13:52 +0200)
author Michael Kerrisk <mtk.manpages@gmail.com>
Fri, 12 Jun 2020 09:50:57 +0000 (11:50 +0200)
committer Michael Kerrisk <mtk.manpages@gmail.com>
Fri, 12 Jun 2020 11:52:22 +0000 (13:52 +0200)
diff --git a/man7/capabilities.7 b/man7/capabilities.7

index 6254c0ac0183f9bcf39b9250fe27ea39d35bb599..fb9960ec871241e673aa500776b6a43e8ce0082c 100644 (file)
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@@ -265,6 +265,23 @@ bind to any address for transparent proxying.
  .PD
  .\" Also various IP options and setsockopt(SO_BINDTODEVICE)
  .TP
+.BR CAP_PERFMON " (since Linux 5.8)"
+Employ various performance-monitoring mechanisms, including:
+.PD 0
+.RS
+.IP *2
+call
+.BR perf_event_open (2);
+.IP *
+employ various BPF operations that have performance implications.
+.RE
+.PD
+.IP
+This capability was added in Linux 5.8 to separate out
+performance monitoring functionality from the overloaded
+.BR CAP_SYS_ADMIN
+capability.
+.TP
  .B CAP_SETGID
  .RS
  .PD 0
@@ -399,8 +416,8 @@ and
  (but, since Linux 3.8,
  creating user namespaces does not require any capability);
  .IP *
-call
-.BR perf_event_open (2);
+employ various performance monitoring mechanisms (as for
+.BR CAP_PERFMON );
  .IP *
  access privileged
  .I perf
author	Michael Kerrisk <mtk.manpages@gmail.com>
	Fri, 12 Jun 2020 09:50:57 +0000 (11:50 +0200)
committer	Michael Kerrisk <mtk.manpages@gmail.com>
	Fri, 12 Jun 2020 11:52:22 +0000 (13:52 +0200)