#
# grecurity configuration
#
config GRKERNSEC_PERF_HARDEN
	bool "Disable unprivileged PERF_EVENTS usage by default"
	depends on PERF_EVENTS
	help
	  If you say Y here, the range of acceptable values for the
	  /proc/sys/kernel/perf_event_paranoid sysctl will be expanded to allow and
	  default to a new value: 3.  When the sysctl is set to this value, no
	  unprivileged use of the PERF_EVENTS syscall interface will be permitted.

	  Though PERF_EVENTS can be used legitimately for performance monitoring
	  and low-level application profiling, it is forced on regardless of
	  configuration, has been at fault for several vulnerabilities, and
	  creates new opportunities for side channels and other information leaks.

	  This feature puts PERF_EVENTS into a secure default state and permits
	  the administrator to change out of it temporarily if unprivileged
	  application profiling is needed.

