Is it safe to set paranoid to -1?

On development machines, yes. On production servers, it could leak information about kernel and other processes to unprivileged users. For production profiling, use sudo or grant CAP_SYS_ADMIN to specific users.

Can I use perf in Docker containers?

Yes, but the container needs access to the host's performance counters. Use docker run --privileged or --cap-add SYS_ADMIN --security-opt seccomp=unconfined. The host also needs perf_event_paranoid set appropriately.

Linux perf Tool Permission Denied — Performance Counter Access Restricted

Informationalsystem

Overview

Fix Linux perf tool 'Permission denied' or 'not permitted' errors when trying to profile applications or record performance counters as a non-root user.

Key Details

The perf tool accesses hardware performance counters (CPU cache, branch prediction, cycles)
Access is controlled by the kernel parameter kernel.perf_event_paranoid (0-4 scale)
Default setting (2 or higher) restricts perf to root or users with CAP_SYS_ADMIN capability
Setting perf_event_paranoid to -1 allows all users full access (security trade-off)
perf record creates perf.data files that can be analyzed with perf report and perf script

Common Causes

kernel.perf_event_paranoid set to 2 or higher (default on most distributions)
Running perf without root privileges on a restricted system
Container environment restricting access to host performance counters
Secure Boot or lockdown mode preventing access to performance monitoring

Steps

1Check current setting: 'cat /proc/sys/kernel/perf_event_paranoid'
2Allow perf for current session: 'sudo sysctl kernel.perf_event_paranoid=-1'
3Make persistent: add 'kernel.perf_event_paranoid=-1' to /etc/sysctl.conf
4Alternative: run perf with sudo: 'sudo perf record -g ./my-application'
5In containers: the host must allow perf access — add --privileged or SYS_ADMIN capability

More in System

windows-C000021A-status-system-process-terminatedWindows Error 0xC000021A — STATUS SYSTEM PROCESS TERMINATED

Critical

windows-C0000225-boot-configuration-errorWindows Error 0xC0000225 — Boot Configuration Error

Critical

windows-C000000F-boot-selection-failedWindows Error 0xC000000F — Boot Selection Failed

Critical

windows-80004005-unspecified-errorWindows Error 0x80004005 — Unspecified Error

Warning

windows-80070570-file-or-directory-corruptedWindows Error 0x80070570 — File or Directory Corrupted

Error

windows-system-0xc0000185Windows Error 0xC0000185 — Boot Device Inaccessible

Critical

Frequently Asked Questions

-1: no restrictions. 0: allow user-space monitoring. 1: allow kernel tracing (default Debian). 2: restrict to per-process monitoring only (default RHEL). 3-4: fully restricted. Lower values give more access but reduce security.

Linux perf Tool Permission Denied — Performance Counter Access Restricted

Overview

Key Details

Common Causes

Steps

Tags

More in System

Frequently Asked Questions