feat: run memtrack memory profiling without sudo via file capabilities

[not-matthias]

No description provided.

[codspeed-hq]

Merging this PR will not alter performance

⚠️ Unknown Walltime execution environment detected

Using the Walltime instrument on standard Hosted Runners will lead to inconsistent data.

For the most accurate results, we recommend using CodSpeed Macro Runners: bare-metal machines fine-tuned for performance measurement consistency.

✅ 7 untouched benchmarks

---

_{Comparing feat/memtrack-sudoless (05b53e2) with main (9e21a9c)}

[greptile-apps]

Greptile Summary

This PR replaces the previous sudo-wrapped memtrack invocation with file capabilities (setcap), so codspeed-memtrack can be run directly without a per-run sudo prompt. A one-time setcap is performed during codspeed setup, the granted capabilities are verified via the security.capability xattr before each run, and a hard-fail guard in executor.run() gives an actionable error when privileges are missing.

• permitted_caps_from_xattr / binary_has_capabilities \u2014 a hand-rolled xattr decoder checks VFS_CAP_REVISION_1/2/3 layouts and correctly handles both 32-bit cap words, backed by targeted unit tests.
• ensure_memtrack_capabilities \u2014 best-effort setup helper that runs setcap via sudo once and warns (but returns Ok(())) on failure; the hard enforcement lives in MemoryExecutor::ensure_privileges() at run time.
• crates/memtrack/src/main.rs \u2014 fixes a silent data-drop: without an IPC channel (standalone mode), the eBPF is_enabled() guard now has tracking enabled up-front.

Confidence Score: 5/5

Safe to merge. The capability-granting path is idempotent and best-effort; the hard privilege gate in run() ensures memtrack never silently runs without the needed caps.

The xattr parsing is correct for all VFS_CAP revisions, the two-layer design (best-effort grant at setup, hard-fail at run) is sound, all tracing-macro and git-pin rules are followed, and the no-IPC tracking fix is clearly correct. The only open points are non-blocking UX refinements.

src/executor/memory/setup.rs — ensure_memtrack_capabilities silently returns Ok(()) when setcap or the post-grant xattr verification fails, so codspeed setup exits 0 even when caps were not actually written.

Important Files Changed

Filename	Overview
src/executor/helpers/run_with_sudo.rs	Adds permitted_caps_from_xattr, binary_has_capabilities, and has_sufficient_privileges helpers for xattr-based file-capability inspection, plus a new run_with_sudo function. Parsing logic correctly maps VFS_CAP_REVISION_1/2/3 layouts; tests are thorough.
src/executor/memory/setup.rs	Adds MEMTRACK_REQUIRED_CAPS / MEMTRACK_SETCAP_SPEC constants and ensure_memtrack_capabilities which is best-effort: setcap failure and post-grant cap verification failure both return Ok(()) with only a warning, so codspeed setup exits 0 even when capabilities were not actually granted.
src/executor/memory/executor.rs	Removes wrap_with_sudo from the run path, adds ensure_privileges() hard-gate before execution, and implements privilege_status() / grant_privileges() for the Executor trait. Logic is clean.
src/executor/mod.rs	Gates memory module and MemoryExecutor behind cfg(target_os = linux), adds PrivilegeStatus enum and privilege_status / grant_privileges default no-op trait methods, calls grant_privileges in run_executor.
crates/memtrack/src/main.rs	Enables tracking up-front when no IPC channel is present (standalone mode), fixing a silent data-drop regression where events would be filtered by the eBPF is_enabled() guard.

Sequence Diagram

sequenceDiagram
    participant User
    participant CLI as codspeed CLI
    participant Setup as setup_executor / run_executor
    participant EC as ensure_memtrack_capabilities
    participant EP as ensure_privileges (run)
    participant Memtrack as codspeed-memtrack (eBPF)

    User->>CLI: codspeed setup --mode memory
    CLI->>Setup: setup_executor()
    Setup->>Setup: executor.setup() install memtrack binary
    Setup->>EC: executor.grant_privileges()
    EC->>EC: memtrack_path() via which
    EC->>EC: binary_has_capabilities()? No
    EC->>EC: run_with_sudo(setcap, spec + path)
    EC-->>Setup: Ok(()) warns on setcap failure
    Setup-->>CLI: Ok(()) exit 0

    User->>CLI: codspeed run --mode memory
    CLI->>Setup: run_executor()
    Setup->>EC: executor.grant_privileges() if not skip_setup
    EC->>EC: binary_has_capabilities()? Yes no-op
    EC-->>Setup: Ok(())
    Setup->>EP: executor.run() ensure_privileges()
    EP->>EP: is_root_user() or has_memtrack_capabilities()
    alt privileges satisfied
        EP-->>Setup: Ok(())
        Setup->>Memtrack: spawn codspeed-memtrack track no sudo
        Memtrack->>Memtrack: load eBPF via file caps
        Memtrack-->>Setup: exit status
    else privileges missing
        EP-->>Setup: Err run codspeed setup
        Setup-->>CLI: bail
    end

Loading

_{Reviews (3): Last reviewed commit: "fixup! fix(runner): gate memory executor..." | Re-trigger Greptile}

[greptile-apps]

MEMTRACK_SETCAP_SPEC and MEMTRACK_REQUIRED_CAPS must be kept in sync manually

These two constants encode the same set of capabilities in two different representations — one as a &[Capability] array (used by memtrack_required_caps_mask() to build the xattr verification mask) and one as a libcap grammar string (passed verbatim to setcap). If a future contributor adds a new capability to MEMTRACK_REQUIRED_CAPS without updating MEMTRACK_SETCAP_SPEC, setcap will grant the old set, the post-grant binary_has_capabilities check will fail (because the required mask is now larger), the "capabilities did not stick" warning fires, and every subsequent codspeed run will hit the ensure_privileges bail with "run codspeed setup" — even though setup was just run successfully. A compile-time or unit-test assertion that MEMTRACK_SETCAP_SPEC names exactly the caps in MEMTRACK_REQUIRED_CAPS would catch this class of drift.