[d-kernel] [PATCH] UBUNTU: SAUCE: security, perf: Allow further restriction of perf_event_open
asheplyakov на basealt.ru
Чт Июн 2 18:15:11 MSK 2022
On Thu, Jun 02, 2022 at 03:31:00AM +0300, Vitaly Chikunov wrote:
> The GRKERNSEC_PERF_HARDEN feature extracted from grsecurity. Adds the
> option to disable perf_event_open() entirely for unprivileged users.
> This standalone version doesn't include making the variable read-only
> (or renaming it).
> When kernel.perf_event_open is set to 3 (or greater), disallow all
> access to performance events by users without CAP_SYS_ADMIN.
> Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
> makes this value the default.
No, thanks. Profiling on Linux is already more diffucult than it should be
Making things even more complicated is not appreciated at all.
Подробная информация о списке рассылки devel-kernel