https://bugzilla.suse.com/show_bug.cgi?id=1221763 https://bugzilla.suse.com/show_bug.cgi?id=1221763#c2 Michael Matz <matz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jslaby@suse.com --- Comment #2 from Michael Matz <matz@suse.com> --- Seems to have come in via https://bugzilla.suse.com/show_bug.cgi?id=1128245 CCing Jiri. Maybe it's only the support at all that came in via the above and not the default switch to "on"? Either way, I don't think having this on by default is a good idea, it prevents _each and all_ ptrace to non-childs (and hence debugging of running processes in general), when not being root. People who want system-wide ptrace separation (and for unknown reasons don't want to use real sandboxes, like separate PID namespaces!?#) can enable this on an opt-in basis. -- You are receiving this mail because: You are on the CC list for the bug.