[SRU Bionic/linux-raspi2 1/1] UBUNTU: [Config]: set CONFIG_SECURITY_PERF_EVENTS_RESTRICT
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Thu Nov 26 20:52:06 UTC 2020
BugLink: https://bugs.launchpad.net/bugs/1905786
perf_event_open should be restricted by default, meaning that users should not
be able to use perf, unless they are privileged (have CAP_SYS_ADMIN), or change
/proc/sys/kernel/perf_event_paranoid to -1.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
---
debian.raspi2/config/config.common.ubuntu | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian.raspi2/config/config.common.ubuntu b/debian.raspi2/config/config.common.ubuntu
index f83fb889e365..b2098cb63c59 100644
--- a/debian.raspi2/config/config.common.ubuntu
+++ b/debian.raspi2/config/config.common.ubuntu
@@ -5018,7 +5018,7 @@ CONFIG_SECURITY_DEFAULT_DISPLAY_NAME="apparmor"
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_PATH=y
-# CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set
+CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
--
2.27.0
More information about the kernel-team
mailing list