Skip to content
Snippets Groups Projects
Commit f6cbd3f8 authored by Evangelos Foutras's avatar Evangelos Foutras :smiley_cat:
Browse files

hardening: use default ptrace scope on buildservers 

Making 'kernel.yama.ptrace_scope' more strict by setting it to '2'
causes failures in elfutils' test suite. While tentatively helpful
on other servers, it seems kind of unnecessary for a build server.

Fixes: #424 (to be reopened though, if more restrictions are found)
parent fa46bb38
No related branches found
No related tags found
1 merge request!533hardening: use default ptrace scope on buildservers
Pipeline #15879 passed
Stage: test
Hide whitespace changes
Inline Side-by-side
roles/hardening/tasks/main.yml
+ 1
0
View file @ f6cbd3f8
......@@ -7,6 +7,7 @@
- name: set ptrace scope, restrict ptrace to CAP_SYS_PTRACE
copy: src=50-ptrace-restrict.conf dest=/etc/sysctl.d/50-ptrace-restrict.conf owner=root group=root mode=0644
when: "'buildservers' not in group_names"
notify:
- apply sysctl settings
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment