Open hsane2001 opened 1 month ago
We can definitely make gProfiler run without root. It will require some iterative work of encountering problems, fixing them (by making them handle the lack of permissions gracefully) and continuing.
Things I already have on my mind:
verify_preconditions
.run_in_ns
& access /proc/pid/ns/
files, which might be inaccessible if you're not root. The use case of running gProfiler w/o root is to profile applications running in the same mount/pid namespace, so all run_in_ns
interaction is optional and can be made so (for example, gprofiler can have a run_in_ns_wrapper
that checks if we're root and skips the privileged operation if we're root).perf
itself can run w/o root - modifying kernel.perf_event_paranoid
is one thing, in addition I think that we'll need to run perf in a per-process mode (and not -a
mode). I don't know if Linux allows you to run perf in -a
mode while underprivileged, but it'd make little sense to me. However, running perf in -p
mode, targeting PIDs of the same user, makes sense. If perf
is desired and -a
will be blocked, we can make gProfiler when runs underprivielged to run perf record -p
(for example, based on PIDs passed via --pids
to gProfiler)./tmp
by default but might fallback to /opt
which is root-only).If you're working on eliminating the root requirement, you can write thoughts here about how to handle particular parts being blocked due to underprivilege, and I'll help addressing. I'm also open to a Zoom discussion over it :)
Can we allow gprofiler to run without sudo? There are many instances where sudo is not possible and it would be great to get app level stacks even if in a limited manner. Besides perf which would require sudo (although can be made to run otherwise), there are many cases where the code internally uses root access to the filesystem for namespaces and storing intermediate data.