Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d28f856d authored by Jeff Vander Stoep's avatar Jeff Vander Stoep Committed by Dmitry Shmidt
Browse files

FROMLIST: security,perf: Allow further restriction of perf_event_open 

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN).  This version doesn't include making
the variable read-only.  It also allows enabling further restriction
at run-time regardless of whether the default is changed.

https://lkml.org/lkml/2016/1/11/587



Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>

Bug: 29054680
Change-Id: Iff5bff4fc1042e85866df9faa01bce8d04335ab8
parent 56b70ac2
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment