# Only let child processes to be debugged
# https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html
#kernel.yama.ptrace_scope = 1
# Only processes with CAP_SYS_PTRACE capability are allowed unless children
# call PTRACE_TRACEME.
kernel.yama.ptrace_scope = 2
# Disable debuggers entirely. Cannot be unset [without reboot].
#kernel.yama.ptrace_scope = 3