Having this in Yama would also make it probable that there would be a security-centric default. It would end up wiping out unprivileged perf events access on distributions using Yama for ptrace_scope unless they make the explicit decision to disable it. Having the perf subsystem extend the existing perf_event_paranoid sysctl leaves the control over the upstream default in the hands of the perf subsystem, not LSMs.
Attachment:
signature.asc
Description: This is a digitally signed message part