diff options
| author | Bertrand Jacquin <bertrand@jacquin.bzh> | 2020-01-09 00:54:58 +0000 |
|---|---|---|
| committer | Bertrand Jacquin <bertrand@jacquin.bzh> | 2020-01-09 00:54:58 +0000 |
| commit | db2a30b05721fe219726cca388a56be82b192f22 (patch) | |
| tree | 42a27be0e15e54c87a5fc88d53e7326148183f58 | |
| parent | factory-default: refresh net-p2p/xmr-stak-rx sysctl (diff) | |
| download | portage-db2a30b05721fe219726cca388a56be82b192f22.tar.xz | |
factory-default: define kernel.perf_event_paranoid sysctl
| -rw-r--r-- | factory-default/sys-apps/baselayout/etc/sysctl.conf | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/factory-default/sys-apps/baselayout/etc/sysctl.conf b/factory-default/sys-apps/baselayout/etc/sysctl.conf index 21a5fabf..8882326f 100644 --- a/factory-default/sys-apps/baselayout/etc/sysctl.conf +++ b/factory-default/sys-apps/baselayout/etc/sysctl.conf @@ -35,6 +35,9 @@ kernel.pid_max = 4194304 # Users must have CAP_SYSLOG to use dmesg kernel.dmesg_restrict = 1 +# Disallow kernel profiling by users without CAP_SYS_ADMIN +kernel.perf_event_paranoid = 2 + # Do not allow O_CREAT open on regular files that we don't own in world # writable sticky directories, unless they are owned by the owner of the # directory |