dgit.raspbian.org Git - linux.git/commit

author	Ben Hutchings <ben@decadent.org.uk>
	Mon, 11 Jan 2016 15:23:55 +0000 (15:23 +0000)
committer	Salvatore Bonaccorso <carnil@debian.org>
	Sat, 18 Jan 2025 09:10:54 +0000 (10:10 +0100)
commit	b8acda5bc89220128172050ec5bdd8f22b922830
tree	692f035dd50474aba50a5fc8a7c1f182cafa8561	tree \| snapshot
parent	ff3f022ca42c3993ccabfa2a68e1019fd56d92a5	commit \| diff

security,perf: Allow further restriction of perf_event_open

Forwarded: https://lore.kernel.org/all/20160111152355.GS28542@decadent.org.uk/

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all
Gbp-Pq: Name security-perf-allow-further-restriction-of-perf_event_open.patch

include/linux/perf_event.h		diff \| blob \| history
kernel/events/core.c		diff \| blob \| history
security/Kconfig		diff \| blob \| history