[arch-general] [arch-dev-public] Trimming down our default kernel configuration
lisaev at umail.iu.edu
Wed Mar 26 16:31:41 EDT 2014
On Wed, 26 Mar 2014 21:00:15 +0100
Thomas Bächler <thomas at archlinux.org> wrote:
> Am 26.03.2014 20:18, schrieb Leonid Isaev:
> > However, I don't think that Yama requires any userspace components, does
> > it? Currently, I boot with "security=yama" and completely disabled
> > non-admin ptrace (kernel.yama.ptrace_scope=2). Perhaps -ARCH kernels
> > should keep Yama available albeit disabled by default (as they now do).
> Once yama is built-in, the ptrace_scope protection is enabled by
> default. There is no option to change that.
But by default, kernel.yama.ptrace_scope = 0, which according to documentation
(Yama.txt) is like having no ptrace restriction at all, and indeed gdb/strace
GnuPG key fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: not available
More information about the arch-general