[PATCH] Add 10-yama-ptrace.conf (rhbz 1209492)

Josh Boyer jwboyer at fedoraproject.org
Mon Jul 6 13:39:04 UTC 2015


On Mon, Jul 6, 2015 at 9:10 AM, Mark Wielaard <mjw at redhat.com> wrote:
> On Tue, 2015-06-23 at 16:56 +0200, Mark Wielaard wrote:
>> On Tue, 2015-06-23 at 09:11 -0400, Josh Boyer wrote:
>> > On Tue, Jun 23, 2015 at 9:09 AM, Mark Wielaard <mjw at redhat.com> wrote:
>> > >> We don't ship any other sysctl files in the kernel package.
>> > >
>> > > But we do ship other service and config files. Which is what this patch
>> > > modeled after. The alternative fix for the kernel is to just disable
>> > > yama completely. But then the admin cannot add any more yama based
>> > > restrictions at all if they wanted.
>> >
>> > I suggested submitting this to the systemd package to sit with all the
>> > rest of the sysctl options we ship in the distro.  I wasn't saying
>> > don't ship it.  I was saying keep it with everything else.
>>
>> OK. I made a patch for the systemd package and attached it to a new bug:
>> https://bugzilla.redhat.com/show_bug.cgi?id=1234951
>> Once that patch is applied to the f22 systemd package the kernel package
>> should probably depend on the version in which it is fixed.
>
> The systemd maintainers decided they don't want to carry sysctl files
> for the kernel. So I have attached an alternative patch to

No, that isn't what they decided.  They pushed a change to systemd
that contained the sysctl file:

commit 90aeeef683cc21ad43162f1e45a08d335776825e
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Sat Jun 27 14:00:14 2015 -0400

    Add example file with yama config

it simply lacks the value you desire.

> https://bugzilla.redhat.com/show_bug.cgi?id=1209492 (and to this email)
> to revert the yama config setting to the upstream default. This fixes

That would make the sysctl file systemd just added on your request
completely pointless and actually incorrect because changing the value
wouldn't work at all.

josh

