dgit.raspbian.org Git - linux.git/commit

author	Ben Hutchings <ben@decadent.org.uk>
	Mon, 11 Jan 2016 15:23:55 +0000 (15:23 +0000)
committer	Salvatore Bonaccorso <carnil@debian.org>
	Thu, 10 Apr 2025 13:32:40 +0000 (15:32 +0200)
commit	a58c8d911ff59d7282f0443728161f2d11a76d77
tree	a1639f00f2ecc425aea2cc0cc0bf7dce8315b9a0	tree \| snapshot
parent	40d7c5a79649f89141b4c03327fcf9cc5846bdea	commit \| diff

security,perf: Allow further restriction of perf_event_open

Forwarded: https://lore.kernel.org/all/20160111152355.GS28542@decadent.org.uk/

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all
Gbp-Pq: Name security-perf-allow-further-restriction-of-perf_event_open.patch

include/linux/perf_event.h		diff \| blob \| history
kernel/events/core.c		diff \| blob \| history
security/Kconfig		diff \| blob \| history