On Tue, Jun 23, 2015 at 9:09 AM, Mark Wielaard <mjw@xxxxxxxxxx> wrote:
> On Tue, 2015-06-23 at 07:25 -0400, Josh Boyer wrote:
>> The upstream default is 1 here, correct? It might be worth noting that.
>
> Right, when CONFIG_SECURITY_YAMA is enabled. Added that to the
> description. Updated patch attached.
>
>> > diff --git a/kernel.spec b/kernel.spec >> > index dfc4500..87efd85 100644 >> > --- a/kernel.spec >> > +++ b/kernel.spec >> > @@ -460,6 +460,9 @@ Source1000: config-local >> > Source2000: cpupower.service >> > Source2001: cpupower.config >> > >> > +# Default sysctl files >> > +Source3000: 10-yama-ptrace.conf
>>
>> We don't ship any other sysctl files in the kernel package.
>
> But we do ship other service and config files. Which is what this patch
> modeled after. The alternative fix for the kernel is to just disable
> yama completely. But then the admin cannot add any more yama based
> restrictions at all if they wanted.

I suggested submitting this to the systemd package to sit with all the
rest of the sysctl options we ship in the distro. I wasn't saying
don't ship it. I was saying keep it with everything else.

>> Help me out, is _sysctldir defined as /etc/sysctl.d or
>> /usr/lib/sysctl.d/ ? The latter is where this file should go in any
>> case.
>
> The latter.

OK, good.

josh
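
Review bot: the comment above the new Source3000 line in the quoted kernel.spec hunk says only "Default sysctl files", which tells a reader of the spec nothing about what 10-yama-ptrace.conf changes. Suggest expanding it to name the setting the file carries and to note that the upstream default is 1 when CONFIG_SECURITY_YAMA is enabled, so it is clear the package deliberately overrides a kernel default. Only this hunk is quoted, so the matching install and %files lines are not visible here; worth confirming that the file lands under _sysctldir (/usr/lib/sysctl.d, per the thread), where a file an admin places in /etc/sysctl.d can still override it.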