fsquillace / junest

The lightweight Arch Linux based distro that runs, without root privileges, on top of any other Linux distro.
GNU General Public License v3.0

Granting `perf` permission #320

Closed. andryandrew closed this 1 year ago

andryandrew commented 1 year ago

Whatever I do, it doesn't seem I can grant perf capabilities to work, i.e.:

$ junest -f -b "--cap-add ALL"
  (junest)# which perf
/usr/bin/perf
  (junest)# cd /usr/bin
  (junest) .../bin# getcap ./perf

  (junest) .../bin# setcap 'cap_perfmon,cap_sys_ptrace,cap_sys_admin,cap_syslog=ep' ./perf
  (junest) .../bin# getcap ./perf
./perf cap_sys_ptrace,cap_sys_admin,cap_syslog,cap_perfmon=ep
  (junest) .../bin# ll ./perf
-rwxr-xr-x 2 root root 26M Dec 22 21:16 perf*
  (junest) .../bin# whoami
root
  (junest) .../bin# ./perf stat
Error:
Access to performance monitoring and observability operations is limited.
Consider adjusting /proc/sys/kernel/perf_event_paranoid setting to open
access to performance monitoring and observability operations for processes
without CAP_PERFMON, CAP_SYS_PTRACE or CAP_SYS_ADMIN Linux capability.
More information can be found at 'Perf events and tool security' document:
https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html
perf_event_paranoid setting is 4:
  -1: Allow use of (almost) all events by all users
      Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK
>= 0: Disallow raw and ftrace function tracepoint access
>= 1: Disallow CPU event access
>= 2: Disallow kernel profiling
To make the adjusted perf_event_paranoid setting permanent preserve it
in /etc/sysctl.conf (e.g. kernel.perf_event_paranoid = <setting>)

(I don't have admin access on the host machine, so I cannot change perf_event_paranoid).

Is this a fundamental limitation of fakeroot? I can get a debugger to work correctly, so ptrace has sufficient permissions.

fsquillace commented 1 year ago

These are kernel params to set, and changing them requires root permission. Junest uses the host machine's kernel to work.
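To make the maintainer's point concrete, here is an added diagnostic script (not part of junest, and not code from either commenter). It reads the same `kernel.perf_event_paranoid` sysctl that perf complains about and then checks `/proc/self/uid_map` to tell whether the process is in the host's initial user namespace. The assumption behind it is that junest's namespace/fakeroot mode (the `--cap-add` flag above is a bubblewrap option) runs you as "root" inside an unprivileged child user namespace, so `setcap` and `--cap-add` only grant capabilities that are valid in that namespace, while the host kernel still evaluates `perf_event_paranoid` against your real, uncapable identity. The paranoid thresholds are the ones perf itself prints; the script name `perf_check.sh` is arbitrary.

```shell
#!/bin/sh
# Added example (not junest's code): why setcap on perf inside an
# unprivileged user namespace does not unlock perf on the host.

# Read the host sysctl that perf reports in its error message.
read_paranoid() {
    cat /proc/sys/kernel/perf_event_paranoid 2>/dev/null || echo "unknown"
}

# Translate a perf_event_paranoid value using the thresholds perf lists.
perf_paranoid_meaning() {
    v="$1"
    case "$v" in
        ""|*[!0-9-]*) echo "unreadable"; return ;;
    esac
    if [ "$v" -le -1 ]; then
        echo "almost all events for all users"
    elif [ "$v" -lt 1 ]; then
        echo "no raw/ftrace tracepoints; CPU events and kernel profiling allowed"
    elif [ "$v" -lt 2 ]; then
        echo "no raw/ftrace tracepoints or CPU events; kernel profiling allowed"
    else
        echo "no kernel profiling without CAP_PERFMON/CAP_SYS_PTRACE/CAP_SYS_ADMIN"
    fi
}

# In the initial user namespace /proc/self/uid_map is the single identity
# line "0 0 4294967295". Anything else means a child user namespace (what an
# unprivileged bwrap/junest sandbox creates), where uid 0 and any added
# capabilities are local to that namespace and invisible to the host's
# perf_event_paranoid check.
uid_map_is_initial_ns() {
    norm=$(printf '%s' "$1" | tr -s ' \t' ' ' | sed 's/^ //;s/ $//')
    [ "$norm" = "0 0 4294967295" ]
}

# setcap on the perf binary can only help when the kernel would honour the
# file capabilities, i.e. when we are in the initial user namespace.
setcap_would_help() {
    uid_map_is_initial_ns "$1"
}

main() {
    p=$(read_paranoid)
    map=$(cat /proc/self/uid_map 2>/dev/null || true)
    echo "kernel.perf_event_paranoid = $p ($(perf_paranoid_meaning "$p"))"
    if setcap_would_help "$map"; then
        echo "initial user namespace: file capabilities on perf are honoured"
    else
        echo "child user namespace: setcap/--cap-add grant capabilities only"
        echo "inside the sandbox; the host still enforces perf_event_paranoid=$p"
    fi
}

main
```

Run it from the host shell and again inside `junest -f`: the sysctl value is identical in both (same kernel), and inside the sandbox `uid_map` shows a single-uid mapping such as `0 1000 1`, which is why the capabilities `getcap` reports on `./perf` never reach the host's perf_event check. Note that some distribution kernels extend the scale beyond 2 (a value of 3 or more denies all unprivileged perf use), which matches the `4` in the report above.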