Comment # 16 on bug 1221763 from Michael Matz
(In reply to Johannes Segitz from comment #15)
> That's not really how it came to be, but I get the feeling that you're not
> really interested in a constructive dialogue, so let's not simulate one.

Indeed.

> Just set the sysctl that matches your use case, so for you
> kernel.yama.ptrace_scope=0

After reading
  https://github.com/torvalds/linux/blob/master/security/yama/yama_lsm.c
it's really only ptrace that yama deals with, so that sysctl is indeed the only
thing necessary to disable all of it.

Further, if I read the kernel docu correctly I should be able to disable all
LSMs by adding 'lsm=capability' to the boot command line, which integrates
better with the disabling of spectre mitigations I'm doing anyway.  So I'll
(try to) add that to my list of things to do on new machine installs.

