1da0c48c4Sopenharmony_ci# When yama is enabled in the kernel it might be used to filter any user 2da0c48c4Sopenharmony_ci# space access which requires PTRACE_MODE_ATTACH like ptrace attach, access 3da0c48c4Sopenharmony_ci# to /proc/PID/{mem,personality,stack,syscall}, and the syscalls 4da0c48c4Sopenharmony_ci# process_vm_readv and process_vm_writev which are used for interprocess 5da0c48c4Sopenharmony_ci# services, communication and introspection (like synchronisation, signaling, 6da0c48c4Sopenharmony_ci# debugging, tracing and profiling) of processes. 7da0c48c4Sopenharmony_ci# 8da0c48c4Sopenharmony_ci# Usage of ptrace attach is restricted by normal user permissions. Normal 9da0c48c4Sopenharmony_ci# unprivileged processes cannot interact through ptrace with processes 10da0c48c4Sopenharmony_ci# that they cannot send signals to or processes that are running set-uid 11da0c48c4Sopenharmony_ci# or set-gid. 12da0c48c4Sopenharmony_ci# 13da0c48c4Sopenharmony_ci# yama ptrace scope can be used to reduce these permissions even more. 14da0c48c4Sopenharmony_ci# This should normally not be done because it will break various programs 15da0c48c4Sopenharmony_ci# relying on the default ptrace security restrictions. But can be used 16da0c48c4Sopenharmony_ci# if you don't have any other way to separate processes in their own 17da0c48c4Sopenharmony_ci# domains. A different way to restrict ptrace is to set the selinux 18da0c48c4Sopenharmony_ci# deny_ptrace boolean. Both mechanisms will break some programs relying 19da0c48c4Sopenharmony_ci# on the ptrace system call and might force users to elevate their 20da0c48c4Sopenharmony_ci# privileges to root to do their work. 21da0c48c4Sopenharmony_ci# 22da0c48c4Sopenharmony_ci# For more information see Documentation/security/Yama.txt in the kernel 23da0c48c4Sopenharmony_ci# sources. Which also describes the defaults when CONFIG_SECURITY_YAMA 24da0c48c4Sopenharmony_ci# is enabled in a kernel build (currently 1 for ptrace_scope). 25da0c48c4Sopenharmony_ci# 26da0c48c4Sopenharmony_ci# This runtime kernel parameter can be set to the following options: 27da0c48c4Sopenharmony_ci# (Note that setting this to anything except zero will break programs!) 28da0c48c4Sopenharmony_ci# 29da0c48c4Sopenharmony_ci# 0 - Default attach security permissions. 30da0c48c4Sopenharmony_ci# 1 - Restricted attach. Only child processes plus normal permissions. 31da0c48c4Sopenharmony_ci# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE. 32da0c48c4Sopenharmony_ci# 3 - No attach. No process may call ptrace at all. Irrevocable. 33da0c48c4Sopenharmony_ci# 34da0c48c4Sopenharmony_cikernel.yama.ptrace_scope = 0 35da0c48c4Sopenharmony_ci 36