dgit.raspbian.org Git - linux.git/commit

author	Ben Hutchings <ben@decadent.org.uk>
	Mon, 11 Jan 2016 15:23:55 +0000 (15:23 +0000)
committer	Salvatore Bonaccorso <carnil@debian.org>
	Fri, 10 Jan 2025 10:03:22 +0000 (11:03 +0100)
commit	e0fdc718b75c3882592bedce3e1f08ca56407e35
tree	4f4905e12612e8f35c4e012fab7f50db4340b80b	tree \| snapshot
parent	d69f55d54a147c183c392a2af11e52197de0e3e7	commit \| diff

security,perf: Allow further restriction of perf_event_open

Forwarded: https://lore.kernel.org/all/20160111152355.GS28542@decadent.org.uk/

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all
Gbp-Pq: Name security-perf-allow-further-restriction-of-perf_event_open.patch

include/linux/perf_event.h		diff \| blob \| history
kernel/events/core.c		diff \| blob \| history
security/Kconfig		diff \| blob \| history