From: Peter Müller <peter.mueller@ipfire.org>
Date: Wed, 29 Jun 2022 19:43:08 +0000 (+0000)
Subject: sysctl: Permit ptrace usage for processes with CAP_SYS_PTRACE
X-Git-Tag: v2.27-core170~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5086ed681da4784474f0f71aaa70ec1d4940897c;p=ipfire-2.x.git

sysctl: Permit ptrace usage for processes with CAP_SYS_PTRACE

https://lists.ipfire.org/pipermail/development/2022-June/013763.html

Reported-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 4d4f765eaa..31a220e384 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -109,5 +109,5 @@ kernel.core_uses_pid = 1
 # Block non-uid-0 profiling
 kernel.perf_event_paranoid = 3
 
-# Deny any ptrace use as there is no legitimate use-case for it on IPFire
-kernel.yama.ptrace_scope = 3
+# Only processes with CAP_SYS_PTRACE may use ptrace
+kernel.yama.ptrace_scope = 2