Chapter 52. Compiler and Tools
Oprofile utilities cannot collect performance data in kernel code by default
Kernel in Red Hat Enterprise Linux 7.3 changes the default value of
/proc/sys/kernel/perf_event_paranoid
from 1
to 2
. As a consequence, collection of performance event data of code in the kernel requires root privileges. When running the occount
or operf
utility as a normal user, the default performance event attempts to collect data for both kernel and user code and the setup of the performance event fails because of the default perf_event_paranoid
setting.
To work around this problem, change the value in
/proc/sys/kernel/perf_event_paranoid
to 1
. If unable to do that, instead determine the default event used on the machine by running the ophelp -d
command, and then explicitly change the end of the event from :1:1
to :0:1
to disable data collection in the kernel space, for example:
$ operf -e CPU_CLK_UNHALTED:100000:0:0:1 true
As a result, changing
/proc/sys/kernel/perf_event_paranoid
or explicitly disabling monitoring of kernel events for normal users allows collection of data, thus avoiding this issue. (BZ#1349077)
The pesign
key database requires manually changing permissions to enable improved access permission controls
The
pesign
key database, which is used to sign UEFI binaries, now offers a more generalized method of setting database access permissions. You can now configure permissions using system-wide key databases, and means that any user or group can now be granted access.
However, a known issue in permission settings in
pesign
currently prevents the aforementioned new feature from working. To enable the improved access control, you must change the permissions to pesign
manually:
chmod 0660 /etc/pki/pesign/* chmod 0770 /etc/pki/pesign
After setting these permissions, the improved access control will become available. If you do not perform these steps,
pesign
behavior will be identical to previous releases. (BZ#1141263)