Mailinglist Archive: opensuse-kernel (14 mails)

< Previous Next >
[opensuse-kernel] Re: enable Yama LSM
What is yama? I don't recall seeing it as a kernel configuration
option. and I just just tumbleweed and don't see a package named
yama anything.

Yama is a relatively small security module (LSM).
It is enabled by CONFIG_SECURITY_YAMA and adds restrictions to how programs can use the ptrace syscall. These
restrictions can be managed at runtime with a sysctl knob:

https://www.kernel.org/doc/Documentation/security/Yama.txt

The highest setting (ptrace_scope=3) will be interesting mainly for servers and other locked down systems.
In the lowest setting (ptrace_scope=1), usability issues are extremely rare. This is Ubuntu's default since 2010.

Sorry for being under-informed.

I left out essential information, sorry for this.

Thanks!
--
To unsubscribe, e-mail: opensuse-kernel+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-kernel+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
This Thread
  • No further messages