https://bugzilla.suse.com/show_bug.cgi?id=1221763

https://bugzilla.suse.com/show_bug.cgi?id=1221763#c16

--- Comment #16 from Michael Matz <matz@suse.com> ---
(In reply to Johannes Segitz from comment #15)
> That's not really how it came to be, but I get the feeling that you're not really interested in a constructive dialogue, so let's not simulate one.

Indeed.

> Just set the sysctl that matches your use case, so for you kernel.yama.ptrace_scope=0

After reading https://github.com/torvalds/linux/blob/master/security/yama/yama_lsm.c it's really only ptrace that yama deals with, so that sysctl is indeed the only thing necessary to disable all of it. Further, if I read the kernel docu correctly I should be able to disable all LSMs by adding 'lsm=capability' to the boot command line, which integrates better with the disabling of spectre mitigations I'm doing anyway. So I'll (try to) add that to my list of things to do on new machine installs.
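An added example, not part of the bug comment and not SUSE or kernel code: a shell audit that flags a host running with either relaxation discussed above, `kernel.yama.ptrace_scope=0` or an `lsm=` boot parameter that leaves out yama. The function names are hypothetical, and the file paths are arguments so the check can also be run against saved copies of the two files.

```shell
#!/bin/sh
# Added example. On a live host call:
#   audit_ptrace_hardening /proc/sys/kernel/yama/ptrace_scope /proc/cmdline

# Print the value of the lsm= boot parameter found in a kernel command line
# file; print nothing if it is absent. If given twice, the last one is used.
cmdline_lsm() {
    tr ' ' '\n' < "$1" | sed -n 's/^lsm=//p' | tail -n 1
}

# Map a Yama ptrace_scope value to the name the kernel documentation gives it.
ptrace_scope_meaning() {
    case "$1" in
        0) echo "classic ptrace permissions" ;;
        1) echo "restricted ptrace" ;;
        2) echo "admin-only attach" ;;
        3) echo "no attach" ;;
        *) echo "unknown" ;;
    esac
}

# Report the ptrace hardening state. Returns 0 when Yama restricts ptrace,
# 1 when ptrace_scope is 0, the sysctl is missing, or lsm= omits yama.
audit_ptrace_hardening() {
    scope_file=$1
    cmdline_file=$2
    findings=0
    if [ -r "$scope_file" ]; then
        scope=$(cat "$scope_file")
        echo "yama ptrace_scope=$scope ($(ptrace_scope_meaning "$scope"))"
        if [ "$scope" = 0 ]; then findings=1; fi
    else
        # The sysctl only exists while the Yama LSM is active.
        echo "yama ptrace_scope sysctl not present"
        findings=1
    fi
    lsm=$(cmdline_lsm "$cmdline_file")
    if [ -n "$lsm" ]; then
        echo "boot command line sets the LSM list: lsm=$lsm"
        case ",$lsm," in
            *,yama,*) ;;
            *) echo "yama is not in that list"; findings=1 ;;
        esac
    fi
    return "$findings"
}
```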