APPLIED: [SRU Bionic/linux-raspi2 1/1] UBUNTU: [Config]: set CONFIG_SECURITY_PERF_EVENTS_RESTRICT
Ian May
ian.may at canonical.com
Fri Dec 18 21:13:33 UTC 2020
Applied to bionic/linux-raspi2
Thanks,
Ian
On 2020-11-26 17:52:06 , Thadeu Lima de Souza Cascardo wrote:
> BugLink: https://bugs.launchpad.net/bugs/1905786
>
> perf_event_open should be restricted by default, meaning that users should not
> be able to use perf, unless they are privileged (have CAP_SYS_ADMIN), or change
> /proc/sys/kernel/perf_event_paranoid to -1.
>
> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
> ---
> debian.raspi2/config/config.common.ubuntu | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/debian.raspi2/config/config.common.ubuntu b/debian.raspi2/config/config.common.ubuntu
> index f83fb889e365..b2098cb63c59 100644
> --- a/debian.raspi2/config/config.common.ubuntu
> +++ b/debian.raspi2/config/config.common.ubuntu
> @@ -5018,7 +5018,7 @@ CONFIG_SECURITY_DEFAULT_DISPLAY_NAME="apparmor"
> CONFIG_SECURITY_NETWORK=y
> CONFIG_SECURITY_NETWORK_XFRM=y
> CONFIG_SECURITY_PATH=y
> -# CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set
> +CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
> CONFIG_SECURITY_SELINUX=y
> CONFIG_SECURITY_SELINUX_AVC_STATS=y
> CONFIG_SECURITY_SELINUX_BOOTPARAM=y
> --
> 2.27.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list