* Alexei Starovoitov <ast@xxxxxxxxxxxx> wrote: > As far as sysctl we can look at two with similar purpose: > sysctl_perf_event_paranoid and modules_disabled. > First one is indeed multi level, but not because of the fear of bugs, > but because of real security implications. It serves both purposes flexibly, and note that most people and distros will use the default value. > [...] Like raw events on hyperthreaded cpu or uncore events can extract data > from other user processes. So it controls these extra privileges. It also controls the generally increased risk caused by a larger attack surface, which some users may not want to carry and which they can thus shrink. With a static keys approach there would be no runtime overhead worth speaking of, so I see no reason why unprivileged eBPF couldn't have a sysctl too - with the default value set to permissive. Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
