Re: [kernel-hardening] Re: [PATCH 1/2] security, perf: allow further restriction of perf_event_open

From: Daniel Micay
Date: Wed Aug 03 2016 - 08:54:01 EST

Next message: Mikulas Patocka: "Re: [dm-devel] [RFC PATCH 2/2] mm, mempool: do not throttle PF_LESS_THROTTLE tasks"
Previous message: Vladimir Davydov: "Re: [PATCH v3 1/3] mm: memcontrol: fix swap counter leak on swapout from offline cgroup"
In reply to: Daniel Micay: "Re: [kernel-hardening] Re: [PATCH 1/2] security, perf: allow further restriction of perf_event_open"
Next in thread: Peter Zijlstra: "Re: [kernel-hardening] Re: [PATCH 1/2] security, perf: allow further restriction of perf_event_open"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Having this in Yama would also make it probable that there would be a
security-centric default. It would end up wiping out unprivileged perf
events access on distributions using Yama for ptrace_scope unless they
make the explicit decision to disable it. Having the perf subsystem
extend the existing perf_event_paranoid sysctl leaves the control over
the upstream default in the hands of the perf subsystem, not LSMs.

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: Mikulas Patocka: "Re: [dm-devel] [RFC PATCH 2/2] mm, mempool: do not throttle PF_LESS_THROTTLE tasks"
Previous message: Vladimir Davydov: "Re: [PATCH v3 1/3] mm: memcontrol: fix swap counter leak on swapout from offline cgroup"
In reply to: Daniel Micay: "Re: [kernel-hardening] Re: [PATCH 1/2] security, perf: allow further restriction of perf_event_open"
Next in thread: Peter Zijlstra: "Re: [kernel-hardening] Re: [PATCH 1/2] security, perf: allow further restriction of perf_event_open"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]