On Wed, Aug 03, 2016 at 11:53:41AM -0700, Kees Cook wrote:
> > Kees Cook <[email protected]> writes:
> >
> >> On Tue, Aug 2, 2016 at 1:30 PM, Peter Zijlstra <[email protected]>
> >> wrote:
> >> Let me take this another way instead. What would be a better way to
> >> provide a mechanism for system owners to disable perf without an LSM?
> >> (Since far fewer folks run with an enforcing "big" LSM: I'm seeking as
> >> wide a coverage as possible.)
> >
> > I vote for sandboxes. Perhaps seccomp. Perhaps a per userns sysctl.
> > Perhaps something else.
>
> Peter, did you happen to see Eric's solution to this problem for
> namespaces? Basically, a per-userns sysctl instead of a global sysctl.
> Is that something that would be acceptable here?

Someone would have to educate me on what a userns is and how that would help here.

