Add more info about perf_event_paranoid

author Alexander Popov <alex.popov@linux.com>

Thu, 16 Feb 2023 16:11:38 +0000 (19:11 +0300)

committer Alexander Popov <alex.popov@linux.com>

Thu, 16 Feb 2023 16:11:38 +0000 (19:11 +0300)
author Alexander Popov <alex.popov@linux.com>
Thu, 16 Feb 2023 16:11:38 +0000 (19:11 +0300)
committer Alexander Popov <alex.popov@linux.com>
Thu, 16 Feb 2023 16:11:38 +0000 (19:11 +0300)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py

index 48df2fc9c13dca179f876e0bf1cc44a41510146c..83ab1ebfa70b7f1d9713a7c747f5804e4230bcb8 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -13,7 +13,7 @@
  # N.B. Hardening sysctls:
  #    kernel.kptr_restrict=2 (or 1?)
  #    kernel.dmesg_restrict=1 (also see the kconfig option)
-#    kernel.perf_event_paranoid=3
+#    kernel.perf_event_paranoid=2 (or 3 with a custom patch, see https://lwn.net/Articles/696216/)
  #    kernel.kexec_load_disabled=1
  #    kernel.yama.ptrace_scope=3
  #    user.max_user_namespaces=0
author	Alexander Popov <alex.popov@linux.com>
	Thu, 16 Feb 2023 16:11:38 +0000 (19:11 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Thu, 16 Feb 2023 16:11:38 +0000 (19:11 +0300)