From: Alexey Sheplyakov <asheplyakov@basealt.ru>
To: ALT Linux kernel packages development <devel-kernel@lists.altlinux.org>
Subject: Re: [d-kernel] [PATCH] UBUNTU: SAUCE: security, perf: Allow further restriction of perf_event_open
Date: Thu, 2 Jun 2022 19:15:11 +0400
Message-ID: <YpjTyDetPLPNJCmf@asheplyakov-rocket>
In-Reply-To: <20220602003100.524482-1-vt@altlinux.org>
Hi,
On Thu, Jun 02, 2022 at 03:31:00AM +0300, Vitaly Chikunov wrote:
> The GRKERNSEC_PERF_HARDEN feature extracted from grsecurity. Adds the
> option to disable perf_event_open() entirely for unprivileged users.
> This standalone version doesn't include making the variable read-only
> (or renaming it).
>
> When kernel.perf_event_open is set to 3 (or greater), disallow all
> access to performance events by users without CAP_SYS_ADMIN.
> Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
> makes this value the default.
No, thanks. Profiling on Linux is already more difficult than it should be.
Making things even more complicated is not appreciated at all.
Best regards,
Alexey