]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2fcfe2e)
sysctl: Permit ptrace usage for processes with CAP_SYS_PTRACE
authorPeter Müller <peter.mueller@ipfire.org>
Wed, 29 Jun 2022 19:43:08 +0000 (19:43 +0000)
committerPeter Müller <peter.mueller@ipfire.org>
Wed, 29 Jun 2022 19:43:08 +0000 (19:43 +0000)
https://lists.ipfire.org/pipermail/development/2022-June/013763.html

Reported-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
config/etc/sysctl.conf patch | blob | blame | history

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 4d4f765eaa48196abb46e128f1e45225dcdadcfd..31a220e384ea44ceb9d85b9257f03188f7474733 100644 (file)
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -109,5 +109,5 @@ kernel.core_uses_pid = 1
 # Block non-uid-0 profiling
 kernel.perf_event_paranoid = 3
 
-# Deny any ptrace use as there is no legitimate use-case for it on IPFire
-kernel.yama.ptrace_scope = 3
+# Only processes with CAP_SYS_PTRACE may use ptrace
+kernel.yama.ptrace_scope = 2
IPFire 2.x development tree