dgit.raspbian.org Git - linux.git/commit

author	Ben Hutchings <ben@decadent.org.uk>
	Mon, 11 Jan 2016 15:23:55 +0000 (15:23 +0000)
committer	Ben Hutchings <benh@debian.org>
	Sun, 4 Aug 2024 20:10:58 +0000 (22:10 +0200)
commit	d75ff64e257f8a985ec93b5bdb43e1531c2896b2
tree	38cc0963e76343dbeb2588cfe23c1f2d593c5fe9	tree \| snapshot
parent	fd3a06035a0ffb6f670a3cdb18999201989a5610	commit \| diff

security,perf: Allow further restriction of perf_event_open

Forwarded: https://lore.kernel.org/all/20160111152355.GS28542@decadent.org.uk/

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all
Gbp-Pq: Name security-perf-allow-further-restriction-of-perf_event_open.patch

include/linux/perf_event.h		diff \| blob \| history
kernel/events/core.c		diff \| blob \| history
security/Kconfig		diff \| blob \| history