From ef6fc4c03f26665b3db95935ed0316dcae603e53 Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Thu, 16 Feb 2023 19:11:38 +0300 Subject: [PATCH] Add more info about perf_event_paranoid Thanks to @izh1979 --- kconfig_hardened_check/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index 48df2fc..83ab1eb 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -13,7 +13,7 @@ # N.B. Hardening sysctls: # kernel.kptr_restrict=2 (or 1?) # kernel.dmesg_restrict=1 (also see the kconfig option) -# kernel.perf_event_paranoid=3 +# kernel.perf_event_paranoid=2 (or 3 with a custom patch, see https://lwn.net/Articles/696216/) # kernel.kexec_load_disabled=1 # kernel.yama.ptrace_scope=3 # user.max_user_namespaces=0 -- 2.31.1