On Wed, 26 Mar 2014 22:17:25 +0100 Thomas Bächler <thomas@xxxxxxxxxxxxx> wrote: > Am 26.03.2014 21:31, schrieb Leonid Isaev: > > On Wed, 26 Mar 2014 21:00:15 +0100 > > Thomas Bächler <thomas@xxxxxxxxxxxxx> wrote: > > > >> Am 26.03.2014 20:18, schrieb Leonid Isaev: > >>> However, I don't think that Yama requires any userspace components, does > >>> it? Currently, I boot with "security=yama" and completely disabled > >>> non-admin ptrace (kernel.yama.ptrace_scope=2). Perhaps -ARCH kernels > >>> should keep Yama available albeit disabled by default (as they now do). > >> > >> Once yama is built-in, the ptrace_scope protection is enabled by > >> default. There is no option to change that. > >> > > > > But by default, kernel.yama.ptrace_scope = 0 > > No. The default is 1. > Yes, you are right, I was speaking from the old memory... If this causes problems and a default sysctl.d/ conf file is not desired, then I guess, Yama can go away as well. Does this discussion also apply to the -lts kernel? Thanks, -- Leonid Isaev GnuPG key fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
Attachment:
signature.asc
Description: PGP signature
