From 60899ca667375c0cd5c6c32abcf2e13995b0a412 Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen
Date: Wed, 12 Feb 2020 22:36:17 +0200
Subject: [PATCH] etc/sysctl.d: add kernel.yama.ptrace_scope = 1
---
 etc/sysctl.d/00-ptrace-restricted.conf | 3 +++
 etc/sysctl.d/60-mikaela.conf | 4 ++++
 2 files changed, 7 insertions(+)
 create mode 100644 etc/sysctl.d/00-ptrace-restricted.conf
diff --git a/etc/sysctl.d/00-ptrace-restricted.conf b/etc/sysctl.d/00-ptrace-restricted.conf
new file mode 100644
index 00000000..b352ab7c
--- /dev/null
+++ b/etc/sysctl.d/00-ptrace-restricted.conf
@@ -0,0 +1,3 @@
+# Only let debugging child processes
+# https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html
+kernel.yama.ptrace_scope = 1
diff --git a/etc/sysctl.d/60-mikaela.conf b/etc/sysctl.d/60-mikaela.conf
index 106a4e5e..8ed27554 100644
--- a/etc/sysctl.d/60-mikaela.conf
+++ b/etc/sysctl.d/60-mikaela.conf
@@ -21,3 +21,7 @@ net.ipv6.conf.all.use_tempaddr=2
 ## Enable the Magic SysRq key
 ## https://en.wikipedia.org/wiki/Magic_SysRq_key
 kernel.sysrq = 1
+
+# Only let debugging child processes
+# https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html
+kernel.yama.ptrace_scope = 1
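Review bot: The `00-` prefix on etc/sysctl.d/00-ptrace-restricted.conf gives this fragment the lowest precedence, because sysctl.d fragments are applied in lexical filename order and the last assignment wins. Any later-sorting fragment, vendor-shipped or local, that sets `kernel.yama.ptrace_scope` would replace this value, so a late-sorting name is the safer choice for a hardening setting. The effective value can be confirmed after boot with `sysctl kernel.yama.ptrace_scope`. The comment would also read more clearly as `# Yama restricted ptrace: a process may only PTRACE_ATTACH to its own descendants unless the target opted in via prctl(PR_SET_PTRACER)`; the same comment appears in the 60-mikaela.conf hunk.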
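Review bot: The assignment added at the end of etc/sysctl.d/60-mikaela.conf duplicates the one in the new 00-ptrace-restricted.conf, so the setting is maintained in two places and the copies can drift apart. Because `60-` sorts after `00-`, this copy is the one that takes effect on a host that has both files, and a later edit to the standalone file alone would be silently overridden. Keeping the setting in a single fragment avoids that. If both copies are intentional (for example, the standalone file is meant for hosts without 60-mikaela.conf), a comment such as `# also set in 00-ptrace-restricted.conf; keep in sync` would record it.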