Option to disable ptrace_scope security flag.

[giulianobelinassi]

OpenSUSE Tumbleweed introduced a YAMA option as default to disable ptrace of sibling processes. This affects the behavior of gdb and Userspace Livepatching. We have two options in this case:

• Run the tests as root.
• Disable ptrace_scope by running:

sudo echo 0 > /proc/sys/kernel/yama/ptrace_scope

or setting kernel.yama.ptrace_scope = 0 in /etc/sysctl.conf.

This problem comes from this openSUSE bug bsc#1221763

What we expect is an option to disable the ptrace_scope flag in the *.spec file, so we can run the tests of gdb and libpulp as expected.

[vries]

A third, intermediate option is to use linux capabilities.

I've written a script using capsh, submitted here, that I used to run the gdb testsuite.

It's based on an example found here.

The benefits of this approach are:

• you don't run tests with full root permissions (although you still need root permission to obtain the CAP_SYS_PTRACE capability).
• you don't change system-wide settings.

[darix]

the kernel obs build package could just ship the sysctl file

[adrianschroeter]

this is a content decision, please follow up with code stream maintainer as already happening in https://bugzilla.suse.com/show_bug.cgi?id=1221763