(In reply to Johannes Segitz from comment #10)
> that's how it should be after the change. Users with different needs (which
> shouldn't be too many, not a lot of users do debugging of running processes)
> should change the sysctl setting

So, just to be sure I completely understand that: because "Archer Allstars" complains about chrome sandboxing showing stuff in "red" and somewhere says "no", the security team implemented this change without further discussion (or rather: after it actually got rejected in jira) and without clear documentation of how to get back a working system (or that such a far-reaching change was done at all, a .changes entry in aaa_base reading "Restrict ptrace with Yama LSM by default" goes unnoticed).

Well, super. And there I thought the whole namespace container stuff was done for separation, just to see that the non-containerized distro now goes down the drain as well.

So, how can I disable yama? The whole module, all of it, not just this ptrace_scope. I don't want to fiddle with it again if the security team decides to further "enhance security" by randomly enabling other good-sounding options like "disable syscalls".