Merge pull request #256159 from YtvwlD/yama

nixos/sysctl: Stop disabling yama by default
author: Thiago Kenji Okada <thiagokokada@gmail.com> 2023-11-26 10:32:32 +0000
committer: GitHub <noreply@github.com> 2023-11-26 10:32:32 +0000
commit: e6e0787c3fceccf43e8e38ba028b8a83ed671a0e (patch)
tree: 2f1f64c15c249ba44252eac3af526b20385be861 /nixos/modules/profiles
parent: 26dc8777161c6ae36fd3ddd23dc1c8bc65fe4368 (diff)
parent: 1ee5a5b6ed5d1ea9226bf32fdd2af276ae475baa (diff)
1 files changed, 0 insertions, 4 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix
index 856ee480fc0b..74dc2cb1b9aa 100644
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@@ -79,10 +79,6 @@ with lib;
     "ufs"
   ];
 
-  # Restrict ptrace() usage to processes with a pre-defined relationship
-  # (e.g., parent/child)
-  boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1;
-
   # Hide kptrs even for processes with CAP_SYSLOG
   boot.kernel.sysctl."kernel.kptr_restrict" = mkOverride 500 2;
author	Thiago Kenji Okada <thiagokokada@gmail.com>	2023-11-26 10:32:32 +0000
committer	GitHub <noreply@github.com>	2023-11-26 10:32:32 +0000
commit	e6e0787c3fceccf43e8e38ba028b8a83ed671a0e (patch)
tree	2f1f64c15c249ba44252eac3af526b20385be861 /nixos/modules/profiles
parent	26dc8777161c6ae36fd3ddd23dc1c8bc65fe4368 (diff)
parent	1ee5a5b6ed5d1ea9226bf32fdd2af276ae475baa (diff)