]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2c38893)
sysctl: Actually arm YAMA
authorPeter Müller <peter.mueller@ipfire.org>
Mon, 20 Jun 2022 20:10:47 +0000 (20:10 +0000)
committerPeter Müller <peter.mueller@ipfire.org>
Mon, 20 Jun 2022 20:10:47 +0000 (20:10 +0000)
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
config/etc/sysctl.conf patch | blob | blame | history

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 6bf3bc8875a92c3eecf0fd134d2822e9888cd806..4d4f765eaa48196abb46e128f1e45225dcdadcfd 100644 (file)
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -108,3 +108,6 @@ kernel.core_uses_pid = 1
 
 # Block non-uid-0 profiling
 kernel.perf_event_paranoid = 3
+
+# Deny any ptrace use as there is no legitimate use-case for it on IPFire
+kernel.yama.ptrace_scope = 3
IPFire 2.x development tree