Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / d28f856d2cf735bd10014a73373cf7544cec20d6
commitd28f856d2cf735bd10014a73373cf7544cec20d6[log] [tgz]
authorJeff Vander Stoep <jeffv@google.com>Sun May 29 14:22:32 2016 -0700
committerDmitry Shmidt <dimitrysh@google.com>Fri Jan 27 13:55:09 2017 -0800
tree3102874a364d84cec6be3982fd2c72458cf5d7a7
parent56b70ac2447f0b900c0432451f706bbff5dc261f [diff]
FROMLIST: security,perf: Allow further restriction of perf_event_open

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN).  This version doesn't include making
the variable read-only.  It also allows enabling further restriction
at run-time regardless of whether the default is changed.

https://lkml.org/lkml/2016/1/11/587

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Bug: 29054680
Change-Id: Iff5bff4fc1042e85866df9faa01bce8d04335ab8
4 files changed
tree: 3102874a364d84cec6be3982fd2c72458cf5d7a7
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS