From db2a30b05721fe219726cca388a56be82b192f22 Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin
Date: Thu, 9 Jan 2020 00:54:58 +0000
Subject: factory-default: define kernel.perf_event_paranoid sysctl

---
 factory-default/sys-apps/baselayout/etc/sysctl.conf | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'factory-default')

diff --git a/factory-default/sys-apps/baselayout/etc/sysctl.conf b/factory-default/sys-apps/baselayout/etc/sysctl.conf
index 21a5fabf..8882326f 100644
--- a/factory-default/sys-apps/baselayout/etc/sysctl.conf
+++ b/factory-default/sys-apps/baselayout/etc/sysctl.conf
@@ -35,6 +35,9 @@ kernel.pid_max = 4194304
 # Users must have CAP_SYSLOG to use dmesg
 kernel.dmesg_restrict = 1

+# Disallow kernel profiling by users without CAP_SYS_ADMIN
+kernel.perf_event_paranoid = 2
+
 # Do not allow O_CREAT open on regular files that we don't own in world
 # writable sticky directories, unless they are owned by the owner of the
 # directory
-- 
cgit v1.2.3
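Review bot: The comment above the added `kernel.perf_event_paranoid = 2` line describes only what is blocked, so a reader could take it to mean perf is closed to unprivileged users altogether. At level 2 they can still open perf events on their own processes for user-space measurement. Only kernel profiling, CPU-wide events and raw tracepoints are restricted. I would spell that out, for example `# Disallow kernel profiling by users without CAP_SYS_ADMIN; unprivileged` / `# users can still measure their own user-space code`. As far as I know 2 has been the mainline built-in default since Linux 4.6, so on such kernels this line pins the default rather than tightening it, which the commit message could say. If the goal is to deny unprivileged `perf_event_open()` entirely, that needs a different mechanism, since mainline treats values above 2 the same as 2.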