From: Michael Kerrisk <mtk.manpages@gmail.com>
Date: Fri, 12 Jun 2020 09:50:57 +0000 (+0200)
Subject: capabilities.7: Add CAP_PERFMON
X-Git-Tag: man-pages-5.08~165
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=e39e42409d30c9e9e407c723ad3d3a4c48b55132;p=thirdparty%2Fman-pages.git

capabilities.7: Add CAP_PERFMON

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
---

diff --git a/man7/capabilities.7 b/man7/capabilities.7
index 6254c0ac01..fb9960ec87 100644
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@@ -265,6 +265,23 @@ bind to any address for transparent proxying.
 .PD
 .\" Also various IP options and setsockopt(SO_BINDTODEVICE)
 .TP
+.BR CAP_PERFMON " (since Linux 5.8)"
+Employ various performance-monitoring mechanisms, including:
+.PD 0
+.RS
+.IP *2
+call
+.BR perf_event_open (2);
+.IP *
+employ various BPF operations that have performance implications.
+.RE
+.PD
+.IP
+This capability was added in Linux 5.8 to separate out
+performance monitoring functionality from the overloaded
+.BR CAP_SYS_ADMIN
+capability.
+.TP
 .B CAP_SETGID
 .RS
 .PD 0
@@ -399,8 +416,8 @@ and
 (but, since Linux 3.8,
 creating user namespaces does not require any capability);
 .IP *
-call
-.BR perf_event_open (2);
+employ various performance monitoring mechanisms (as for
+.BR CAP_PERFMON );
 .IP *
 access privileged
 .I perf