From: Peter Müller <peter.mueller@ipfire.org>
Date: Mon, 20 Jun 2022 20:10:47 +0000 (+0000)
Subject: sysctl: Actually arm YAMA
X-Git-Tag: v2.27-core170~48
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f62b488f82b5eb6bbbc1b57d90a919d61346ef5f;p=ipfire-2.x.git

sysctl: Actually arm YAMA

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 6bf3bc8875..4d4f765eaa 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -108,3 +108,6 @@ kernel.core_uses_pid = 1
 
 # Block non-uid-0 profiling
 kernel.perf_event_paranoid = 3
+
+# Deny any ptrace use as there is no legitimate use-case for it on IPFire
+kernel.yama.ptrace_scope = 3