yama: Disable by default
authorBen Hutchings <ben@decadent.org.uk>
Wed, 19 Jun 2013 03:35:28 +0000 (04:35 +0100)
committerBen Hutchings <benh@debian.org>
Tue, 9 Jun 2020 17:50:00 +0000 (18:50 +0100)
Bug-Debian: https://bugs.debian.org/712740
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name yama-disable-by-default.patch

security/yama/yama_lsm.c

index 94dc346370b106a73a78da6d3acfbcb82c297541..e4c0ba32b95c3fac6e87d3a9f3b539c59c4d6c49 100644 (file)
@@ -24,7 +24,7 @@
 #define YAMA_SCOPE_CAPABILITY  2
 #define YAMA_SCOPE_NO_ATTACH   3
 
-static int ptrace_scope = YAMA_SCOPE_RELATIONAL;
+static int ptrace_scope = YAMA_SCOPE_DISABLED;
 
 /* describe a ptrace relationship for potential exception */
 struct ptrace_relation {
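Review bot: The new initializer `static int ptrace_scope = YAMA_SCOPE_DISABLED;` has no comment saying that this is a deliberate distribution default, different from the relational restriction it replaces. With this value, attaching between processes is presumably limited only by the ordinary ptrace permission checks until an administrator raises the setting. Anyone auditing the hardening posture should see that at the definition, so I would add above it `/* Debian default: Yama restrictions off until kernel.yama.ptrace_scope is raised via sysctl (Debian bug 712740) */`. The definition of YAMA_SCOPE_DISABLED is outside the hunk, so its numeric value is not confirmed here.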
@@ -476,7 +476,7 @@ static inline void yama_init_sysctl(void) { }
 
 static int __init yama_init(void)
 {
-       pr_info("Yama: becoming mindful.\n");
+       pr_info("Yama: disabled by default; enable with sysctl kernel.yama.*\n");
        security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama");
        yama_init_sysctl();
        return 0;
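Review bot: The new pr_info() text in yama_init() points the administrator at `kernel.yama.*` without naming the knob, and it is printed even in builds where yama_init_sysctl() is the empty stub visible in the hunk header. In such a build (presumably one without sysctl support) ptrace_scope would stay at the disabled value with nothing to raise it, so the message would describe an option that does not exist. I would name the setting exactly, `pr_info("Yama: disabled by default; enable with sysctl kernel.yama.ptrace_scope\n");`, and add a short comment above the call noting the sysctl-less case. The closing brace of yama_init() lies outside the hunk.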