[d-kernel] [PATCH] UBUNTU: SAUCE: security, perf: Allow further restriction of perf_event_open

Alexey Sheplyakov asheplyakov на basealt.ru
Чт Июн 2 18:15:11 MSK 2022


Hi,

On Thu, Jun 02, 2022 at 03:31:00AM +0300, Vitaly Chikunov wrote:
> The GRKERNSEC_PERF_HARDEN feature extracted from grsecurity.  Adds the
> option to disable perf_event_open() entirely for unprivileged users.
> This standalone version doesn't include making the variable read-only
> (or renaming it).
> 
> When kernel.perf_event_open is set to 3 (or greater), disallow all
> access to performance events by users without CAP_SYS_ADMIN.
> Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
> makes this value the default.

No, thanks. Profiling on Linux is already more diffucult than it should be
Making things even more complicated is not appreciated at all.

Best regards,
	Alexey


Подробная информация о списке рассылки devel-kernel