From f62b488f82b5eb6bbbc1b57d90a919d61346ef5f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Peter=20M=C3=BCller?= <peter.mueller@ipfire.org>
Date: Mon, 20 Jun 2022 20:10:47 +0000
Subject: [PATCH] sysctl: Actually arm YAMA
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/etc/sysctl.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 6bf3bc8875..4d4f765eaa 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -108,3 +108,6 @@ kernel.core_uses_pid = 1
 
 # Block non-uid-0 profiling
 kernel.perf_event_paranoid = 3
+
+# Deny any ptrace use as there is no legitimate use-case for it on IPFire
+kernel.yama.ptrace_scope = 3
-- 
2.39.5