yama: Disable by default

author Ben Hutchings <ben@decadent.org.uk>

Wed, 19 Jun 2013 03:35:28 +0000 (04:35 +0100)

committer Salvatore Bonaccorso <carnil@debian.org>

Thu, 26 Sep 2019 12:19:06 +0000 (13:19 +0100)
author Ben Hutchings <ben@decadent.org.uk>
Wed, 19 Jun 2013 03:35:28 +0000 (04:35 +0100)
committer Salvatore Bonaccorso <carnil@debian.org>
Thu, 26 Sep 2019 12:19:06 +0000 (13:19 +0100)
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c

index 01c6239c4493a53a0b5584a8e9ad05574174dc33..13d21be24184fea54617ed6f8ef0a9c160ae72ba 100644 (file)
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -24,7 +24,7 @@
  #define YAMA_SCOPE_CAPABILITY  2
  #define YAMA_SCOPE_NO_ATTACH   3
  
-static int ptrace_scope = YAMA_SCOPE_RELATIONAL;
+static int ptrace_scope = YAMA_SCOPE_DISABLED;
  
  /* describe a ptrace relationship for potential exception */
  struct ptrace_relation {
@@ -477,7 +477,7 @@ static inline void yama_init_sysctl(void) { }
  
  static int __init yama_init(void)
  {
-       pr_info("Yama: becoming mindful.\n");
+       pr_info("Yama: disabled by default; enable with sysctl kernel.yama.*\n");
         security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama");
         yama_init_sysctl();
         return 0;
author	Ben Hutchings <ben@decadent.org.uk>
	Wed, 19 Jun 2013 03:35:28 +0000 (04:35 +0100)
committer	Salvatore Bonaccorso <carnil@debian.org>
	Thu, 26 Sep 2019 12:19:06 +0000 (13:19 +0100)