Shawn, Can you supply more background on this patch. Looking at security/yama/yama_lsm.c: [[ #define YAMA_SCOPE_DISABLED 0 #define YAMA_SCOPE_RELATIONAL 1 #define YAMA_SCOPE_CAPABILITY 2 #define YAMA_SCOPE_NO_ATTACH 3 static int ptrace_scope = YAMA_SCOPE_RELATIONAL; ]] This suggests that your statement that the default value is 2 is incorrect, but I may be missing something. Cheers, Michael On 12/21/13 13:37, Shawn Landden wrote: > Signed-off-by: Shawn Landden <shawn@xxxxxxxxxxxxxxx> > --- > man2/kcmp.2 | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/man2/kcmp.2 b/man2/kcmp.2 > index 59dd4d1..c910ac2 100644 > --- a/man2/kcmp.2 > +++ b/man2/kcmp.2 > @@ -187,7 +187,12 @@ is invalid. > Insufficient permission to inspect process resources. > The > .B CAP_SYS_PTRACE > -capability is required to inspect processes that you do not own. > +capability is required to inspect processes that you do not own. Other > +limitations on ptrace apply, such as > +.BR CONFIG_SECURITY_YAMA , > +which when /proc/sys/kernel/yama/ptrace_scope is 2 (the default) limits > +.BR kcmp() > +to child processes. > .TP > .B ESRCH > Process > -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ -- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
