Closed: madaidan closed 4 years ago
FYI: there will be upcoming changes related to perf_event_paranoid in Linux 5.5: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da97e18458fb42d7c00fac5fd1c56a3896ec666e
Can we get this adjusted for the latest tree, as there have been perf code changes?
Oops... I'm not sure what I did but it broke. I think I'll just resend it.
Perf events expose tons of attack surface and have been the cause of many vulnerabilities. linux-hardened restricts these to root by default but this still allows the root user to attack the kernel.
This disallows all access to perf events by all users, including root, when the kernel.perf_event_open sysctl is set to 4 to reduce attack surface.
This keeps the default value as 3 so as not to cause too much breakage, but users can optionally increase the value.