Jongy
commented
1 month ago We can definitely make gProfiler run without root. It will require some iterative work of encountering problems, fixing them (by making them handle the lack of permissions gracefully) and continuing.
Things I already have on my mind:
- Need to remove the actual check for "is root" in
verify_preconditions. - Many sites in gProfiler use
run_in_ns& access/proc/pid/ns/files, which might be inaccessible if you're not root. The use case of running gProfiler w/o root is to profile applications running in the same mount/pid namespace, so allrun_in_nsinteraction is optional and can be made so (for example, gprofiler can have arun_in_ns_wrapperthat checks if we're root and skips the privileged operation if we're root). perfitself can run w/o root - modifyingkernel.perf_event_paranoidis one thing, in addition I think that we'll need to run perf in a per-process mode (and not-amode). I don't know if Linux allows you to run perf in-amode while underprivileged, but it'd make little sense to me. However, running perf in-pmode, targeting PIDs of the same user, makes sense. Ifperfis desired and-awill be blocked, we can make gProfiler when runs underprivielged to runperf record -p(for example, based on PIDs passed via--pidsto gProfiler).- There might be additional issues - perhaps directories gProfiler tries to write to (we use
/tmpby default but might fallback to/optwhich is root-only).
If you're working on eliminating the root requirement, you can write thoughts here about how to handle particular parts being blocked due to underprivilege, and I'll help addressing. I'm also open to a Zoom discussion over it :)
Can we allow gprofiler to run without sudo? There are many instances where sudo is not possible and it would be great to get app level stacks even if in a limited manner. Besides perf which would require sudo (although can be made to run otherwise), there are many cases where the code internally uses root access to the filesystem for namespaces and storing intermediate data.