ACK: [SRU Bionic/linux-raspi2 1/1] UBUNTU: [Config]: set CONFIG_SECURITY_PERF_EVENTS_RESTRICT
Stefan Bader
stefan.bader at canonical.com
Fri Nov 27 07:43:09 UTC 2020
On 26.11.20 21:52, Thadeu Lima de Souza Cascardo wrote:
> BugLink: https://bugs.launchpad.net/bugs/1905786
>
> perf_event_open should be restricted by default, meaning that users should not
> be able to use perf, unless they are privileged (have CAP_SYS_ADMIN), or change
> /proc/sys/kernel/perf_event_paranoid to -1.
>
> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
> ---
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> debian.raspi2/config/config.common.ubuntu | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/debian.raspi2/config/config.common.ubuntu b/debian.raspi2/config/config.common.ubuntu
> index f83fb889e365..b2098cb63c59 100644
> --- a/debian.raspi2/config/config.common.ubuntu
> +++ b/debian.raspi2/config/config.common.ubuntu
> @@ -5018,7 +5018,7 @@ CONFIG_SECURITY_DEFAULT_DISPLAY_NAME="apparmor"
> CONFIG_SECURITY_NETWORK=y
> CONFIG_SECURITY_NETWORK_XFRM=y
> CONFIG_SECURITY_PATH=y
> -# CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set
> +CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
> CONFIG_SECURITY_SELINUX=y
> CONFIG_SECURITY_SELINUX_AVC_STATS=y
> CONFIG_SECURITY_SELINUX_BOOTPARAM=y
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20201127/71cb11e9/attachment.sig>
More information about the kernel-team
mailing list