I've noticed that OpenSUSE currently doesn't enable the Yama security
module. The ptrace_scope restriction provided by this module is a
valuable security feature for most systems, so I'd like to propose to
enable the Yama LSM in the future.
This topic has already been discussed in 2014¹, but apparently without
conclusive results. Not mentioned back then was that, since kernel 3.7,
Yama stacks automatically with major security modules. In other words,
coexistence with AppArmor should not be a problem in current versions -
as shown by Ubuntu which uses both.
To unsubscribe, e-mail: opensuse-kernel+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kernel+owner(a)opensuse.org