${titlePost}

Salvatore Bonaccorso requested to merge carnil/linux:enable-yama-by-default into debian/latest May 09, 2025

When in 2013 it was requested to enable Yama LSM in #704750, later on in the Debian bug #712740 it was requested to be disabled by default because it prevented some debugging operations.

It was argued, that while having restricted ptrace enabled makes debugging harder, it is a security feature with a different default set upstream.

Switch to what is set upstream as default (kernel.yama.ptrace_scope = 1) and so drop the Debian specific patch.

Closes: #1025071

Drop "yama: Disable by default" and use upstream default to restrict ptrace

Merge request reports