]> git.ipfire.org Git - ipfire-2.x.git/blobdiff - config/etc/sysctl.conf
projects / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
sysctl: Actually arm YAMA
[ipfire-2.x.git] / config / etc / sysctl.conf
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 6bf3bc8875a92c3eecf0fd134d2822e9888cd806..4d4f765eaa48196abb46e128f1e45225dcdadcfd 100644 (file)
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -108,3 +108,6 @@ kernel.core_uses_pid = 1
 
 # Block non-uid-0 profiling
 kernel.perf_event_paranoid = 3
+
+# Deny any ptrace use as there is no legitimate use-case for it on IPFire
+kernel.yama.ptrace_scope = 3
IPFire 2.x development tree