From 5086ed681da4784474f0f71aaa70ec1d4940897c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Peter=20M=C3=BCller?= Date: Wed, 29 Jun 2022 19:43:08 +0000 Subject: [PATCH] sysctl: Permit ptrace usage for processes with CAP_SYS_PTRACE MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit https://lists.ipfire.org/pipermail/development/2022-June/013763.html Reported-by: Michael Tremer Signed-off-by: Peter Müller --- config/etc/sysctl.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index 4d4f765eaa..31a220e384 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -109,5 +109,5 @@ kernel.core_uses_pid = 1 # Block non-uid-0 profiling kernel.perf_event_paranoid = 3 -# Deny any ptrace use as there is no legitimate use-case for it on IPFire -kernel.yama.ptrace_scope = 3 +# Only processes with CAP_SYS_PTRACE may use ptrace +kernel.yama.ptrace_scope = 2 -- 2.39.5