On Wed, Dec 11, 2019 at 01:52:15PM +0300, Alexey Budankov wrote:
> Undoubtedly, SELinux is the powerful, mature, whole level of functionality that
> could provide benefits not only for perf_events subsystem. However perf_events
> is built around capabilities to provide access control to its functionality,
> thus perf_events would require considerable rework prior it could be controlled
> thru SELinux.
You mean this:
da97e18458fb ("perf_event: Add support for LSM and SELinux checks")
?
> Then the adoption could also require changes to the installed
> infrastructure just for the sake of adopting alternative access control mechanism.
This is still very much true.
