Setcap: issues running ollama with cap_perfmon capability

mynewlaptop · 14 October 2024 17:24

Hello all, I’m seeing some weird behaviour, which maybe you can help me debug. It’s possible that I’m doing something wrong.

I want to run a binary (ollama) with cap_perfmon capability, so that it can use Vulkan. I’ve done the following:

sudo setcap cap_perfmon=+ep ./ollama
sudo getcap ./ollama
./ollama cap_perfmon=ep

getcap nicely shows that the executable now has cap_perfmon capability.

However, when I run the binary and check the capabilities with:

cat /proc/14036/status | grep -i cap
CapInh:	0000000800000000
CapPrm:	0000000000000000
CapEff:	0000000000000000
CapBnd:	000001ffffffffff
CapAmb:	0000000000000000

It basically says that the process does not have any capabilities. (CapPrm: 0000000000000000)

Likewise when I do

getcap /proc/PID/exe

I don’t see any capabilities. But I see cap_perfmon if I run getcap on the actual binary /proc/PID/exe points to.

I also tried adding cap_perfmon to /etc/security/capability.conf to enable it for everything for my user. Likewise no luck.

Any recommendations as to what I could be doing wrong?

Nachlese · 14 October 2024 17:58

I think this is (at least a kind of) XY problem.

Tomek · 15 October 2024 00:41

Do you have /home partition mounted with nosuid option?

linux-aarhus · 15 October 2024 06:38

What is the output from

inxi -SPxx

mynewlaptop · 15 October 2024 07:15

That was indeed the issue, many thanks @Tomek !

I was running the binary directly from the build directory, which is mounted with nosuid. This makes Manjaro silently ignore cap_perfmon. Really sneaky! Moving the binary to /usr/bin solved the problem.

system · 18 October 2024 07:16

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.