shell-things/etc/sysctl.d/00-ptrace-restricted.conf

# Only let child processes to be debugged
# https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html
#kernel.yama.ptrace_scope = 1
# Only processes with CAP_SYS_PTRACE capability are allowed unless children
# call PTRACE_TRACEME.
kernel.yama.ptrace_scope = 2
# Disable debuggers entirely. Cannot be unset [without reboot].
#kernel.yama.ptrace_scope = 3
etc/sysctl.d: go through, mkdir questionable/ Resolves: #93 2021-06-19 14:41:49 +02:00			`# Only let child processes to be debugged`
etc/sysctl.d: add kernel.yama.ptrace_scope = 1 2020-02-12 21:36:17 +01:00			`# https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html`
00-ptrace-restricted.conf: set to 3 I cannot remember when I last needed it and this makes Edgium about:sandbox happy 2021-09-06 17:45:38 +02:00			`#kernel.yama.ptrace_scope = 1`
sysctl.d/00-ptrace-restricted.conf: drop from 3 to 2 (no to admin-only) 2024-07-23 14:18:35 +02:00			`# Only processes with CAP_SYS_PTRACE capability are allowed unless children`
			`# call PTRACE_TRACEME.`
			`kernel.yama.ptrace_scope = 2`
			`# Disable debuggers entirely. Cannot be unset [without reboot].`
			`#kernel.yama.ptrace_scope = 3`