In experimenting with some of the newer kernels I have found that CONFIG_SECURITY_YAMA is disabled in GalliumOS. This leads to the failure of /etc/sysctl.d/10-ptrace.conf which tries to set /proc/sys/kernel/yama/ptrace_scope to 1.
We should either enable CONFIG_SECURITY_YAMA or disable 10-ptrace.conf. Yama is enabled in the default Ubuntu 18.04 with the intent of preventing a malicious attacker from attaching to running processes to examine them with tools like gdb and strace.
For more information on this and a better description of the security reasons for enabling this, please see your kernel Documentation/admin-guide/LSM/Yama.rst.
My machine specs are ... `dmidecode -s system-product-name`: Banon
My firmware is essentially MattDevo. (He helped me build my own firmware from his git tree.)
My installation method was ISO.
And to reproduce the problem, build kernel 5.2 and look at the dmesg output. The kernel can't set /proc/sys/kernel/yama/ptrace_scope.
Chris
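
A check for the mismatch reported above, added here as an example and not part of the original issue: it compares what a sysctl.d drop-in requests for kernel.yama.ptrace_scope with whether the kernel config and the /proc node can honour it. The function names and status words are hypothetical, and the live paths assume an Ubuntu-style /boot/config-$(uname -r).

```shell
#!/bin/sh
# Added example (not from the issue). Function names and status words are
# hypothetical; file paths are passed in so the check also runs on copies.

# Succeeds if the kernel config file has Yama built in.
yama_in_config() {
    grep -q '^CONFIG_SECURITY_YAMA=y$' "$1" 2>/dev/null
}

# Prints the value a sysctl.d file requests for kernel.yama.ptrace_scope
# (dotted key form only; the last assignment wins, comments are skipped).
wanted_scope() {
    sed -n 's/^[[:space:]]*kernel\.yama\.ptrace_scope[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# check_yama CONFIG DROPIN PROCFILE
# Prints one status word; returns non-zero when the drop-in cannot take effect.
check_yama() {
    config=$1 dropin=$2 procfile=$3
    want=$(wanted_scope "$dropin")
    if [ -z "$want" ]; then
        echo "no-request"; return 0
    fi
    if [ ! -e "$procfile" ]; then
        # The sysctl node is absent, so applying the drop-in will fail.
        if yama_in_config "$config"; then
            echo "yama-built-but-sysctl-absent"
        else
            echo "yama-missing"
        fi
        return 1
    fi
    have=$(cat "$procfile")
    if [ "$have" = "$want" ]; then
        echo "ok"; return 0
    fi
    echo "scope-mismatch"; return 1
}

# Live check on the running system, only when called with --live.
if [ "${1:-}" = "--live" ]; then
    check_yama "/boot/config-$(uname -r)" /etc/sysctl.d/10-ptrace.conf \
        /proc/sys/kernel/yama/ptrace_scope
fi
```

A result of `yama-missing` corresponds to the situation in this issue: the drop-in asks for a ptrace scope but the kernel was built without CONFIG_SECURITY_YAMA.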