* Alexei Starovoitov <a...@plumgrid.com> wrote:
> As far as sysctl we can look at two with similar purpose:
> sysctl_perf_event_paranoid and modules_disabled.
> First one is indeed multi level, but not because of the fear of bugs,
> but because of real security implications.
It serves both purposes flexibly, and note that most people and distros will
use
the default value.
> [...] Like raw events on hyperthreaded cpu or uncore events can extract data
> from other user processes. So it controls these extra privileges.
It also controls the generally increased risk caused by a larger attack
surface,
which some users may not want to carry and which they can thus shrink.
With a static keys approach there would be no runtime overhead worth speaking
of,
so I see no reason why unprivileged eBPF couldn't have a sysctl too - with the
default value set to permissive.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
