Linux perf Tool Permission Denied — Performance Counter Access Restricted
About Linux perf Tool Permission Denied
Fix Linux perf tool 'Permission denied' or 'not permitted' errors when trying to profile applications or record performance counters as a non-root user. This guide covers everything you need to know about this topic, including common causes, step-by-step solutions, and answers to frequently asked questions.
Here are the key things to understand: The perf tool accesses hardware performance counters (CPU cache, branch prediction, cycles). Access is controlled by the kernel parameter kernel.perf_event_paranoid (0-4 scale). Default setting (2 or higher) restricts perf to root or users with CAP_SYS_ADMIN capability. Setting perf_event_paranoid to -1 allows all users full access (security trade-off). perf record creates perf.data files that can be analyzed with perf report and perf script. Understanding these fundamentals will help you diagnose and resolve this issue more effectively.
The most common reasons this occurs include: kernel.perf_event_paranoid set to 2 or higher (default on most distributions). Running perf without root privileges on a restricted system. Container environment restricting access to host performance counters. Secure Boot or lockdown mode preventing access to performance monitoring. Identifying the root cause is the first step toward finding the right solution.
To resolve this, follow these recommended steps: Check current setting: 'cat /proc/sys/kernel/perf_event_paranoid'. Allow perf for current session: 'sudo sysctl kernel.perf_event_paranoid=-1'. Make persistent: add 'kernel.perf_event_paranoid=-1' to /etc/sysctl.conf. Alternative: run perf with sudo: 'sudo perf record -g ./my-application'. In containers: the host must allow perf access — add --privileged or SYS_ADMIN capability. If these steps do not resolve the issue, consider consulting additional resources or a qualified professional.
This article is part of our Linux Error Codes collection on Error Codes Wiki. We provide comprehensive, up-to-date information to help you find solutions quickly.
Quick Answer
What do the paranoid levels mean?
-1: no restrictions. 0: allow user-space monitoring. 1: allow kernel tracing (default Debian). 2: restrict to per-process monitoring only (default RHEL). 3-4: fully restricted. Lower values give more access but reduce security.
Overview
Fix Linux perf tool 'Permission denied' or 'not permitted' errors when trying to profile applications or record performance counters as a non-root user.
Key Details
- The perf tool accesses hardware performance counters (CPU cache, branch prediction, cycles)
- Access is controlled by the kernel parameter kernel.perf_event_paranoid (0-4 scale)
- Default setting (2 or higher) restricts perf to root or users with CAP_SYS_ADMIN capability
- Setting perf_event_paranoid to -1 allows all users full access (security trade-off)
- perf record creates perf.data files that can be analyzed with perf report and perf script
Common Causes
- kernel.perf_event_paranoid set to 2 or higher (default on most distributions)
- Running perf without root privileges on a restricted system
- Container environment restricting access to host performance counters
- Secure Boot or lockdown mode preventing access to performance monitoring
Steps
- 1Check current setting: 'cat /proc/sys/kernel/perf_event_paranoid'
- 2Allow perf for current session: 'sudo sysctl kernel.perf_event_paranoid=-1'
- 3Make persistent: add 'kernel.perf_event_paranoid=-1' to /etc/sysctl.conf
- 4Alternative: run perf with sudo: 'sudo perf record -g ./my-application'
- 5In containers: the host must allow perf access — add --privileged or SYS_ADMIN capability