On Tue, Mar 28, 2017 at 06:47:11PM +0200, Manuel Bouyer wrote: > On Tue, Mar 28, 2017 at 11:30:52AM -0500, David Young wrote: > > [...] > > What do you mean by "legitimately" use rdtsc? It seems to me that it > > is legitimate for a user to use a high-resolution timer to profile some > > code that's under development. They may want to avoid running that code > > with root privileges under most circumstances. > > > > Sure. > At the very last a sysctl to remove the restriction is needed.
Just to expand on that, an interface to set the restriction on a per-process (per-thread?) level would be handy. Capabilities beckon! :-) Dave -- David Young dyo...@pobox.com Urbana, IL (217) 721-9981