Comment # 2 on bug 1221763 from Michael Matz

Seems to have come in via https://bugzilla.suse.com/show_bug.cgi?id=1128245
CCing Jiri.  Maybe it's only the support at all that came in via the above and
not
the default switch to "on"?

Either way, I don't think having this on by default is a good idea, it prevents
_each and all_ ptrace to non-childs (and hence debugging of running processes
in
general), when not being root.  People who want system-wide ptrace separation
(and for unknown reasons don't want to use real sandboxes, like separate PID
namespaces!?#) can enable this on an opt-in basis.