adoptium / infrastructure

This repo contains all information about machine maintenance.
Apache License 2.0

UnixPB: Set ptrace_scope value to 0 in Ubuntu #3520

Closed aswinkr77 closed 2 months ago

aswinkr77 commented 2 months ago

The default value of /proc/sys/kernel/yama/ptrace_scope is 1 in Ubuntu, which prevents a user from using GDB to attach to another process. Setting this value to 0 fixes the issue. Here is the snippet from the documentation:

The sysctl settings (writable only with CAP_SYS_PTRACE) are:

0 - classic ptrace permissions: a process can PTRACE_ATTACH to any other
    process running under the same uid, as long as it is dumpable (i.e.
    did not transition uids, start privileged, or have called
    prctl(PR_SET_DUMPABLE...) already). Similarly, PTRACE_TRACEME is
    unchanged.

1 - restricted ptrace: a process must have a predefined relationship
    with the inferior it wants to call PTRACE_ATTACH on. By default,
    this relationship is that of only its descendants when the above
    classic criteria is also met. To change the relationship, an
    inferior can call prctl(PR_SET_PTRACER, debugger, ...) to declare
    an allowed debugger PID to call PTRACE_ATTACH on the inferior.
    Using PTRACE_TRACEME is unchanged.

note: performance_tools is an optional role, ref: https://github.com/adoptium/infrastructure/pull/3194

aswinkr77 commented 2 months ago

Why is this needed?

@karianna the value of 1 (restricted ptrace) prevents a non-root user from using GDB to attach to another process. E.g.:

jenkins@ubu20le-rtp-rt6-1:/root$ sleep 10 &
[1] 112360
jenkins@ubu20le-rtp-rt6-1:/root$ gdb -ex "set confirm off" -ex quit -p $!
GNU gdb (Ubuntu 9.2-0ubuntu1~20.04.1) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "powerpc64le-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word".
Attaching to process 112360
Could not attach to process.  If your uid matches the uid of the target
process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try
again as the root user.  For more details, see /etc/sysctl.d/10-ptrace.conf
ptrace: Operation not permitted.
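
An added example (not part of this PR or the Adoptium playbooks) of the check the gdb error message points to: it reads the running ptrace_scope value and the last value persisted under a sysctl.d directory, and flags when the two differ. The function names are hypothetical, values 2 and 3 come from the kernel's Yama documentation rather than this page, and only one directory of *.conf files is scanned, which simplifies the real sysctl load order.

```shell
#!/bin/sh
# Added example: audit the Yama ptrace_scope setting (runtime vs. persisted).
# Paths are parameters so the functions can be pointed at constructed files.

# Map a ptrace_scope value to its meaning (0 and 1 are quoted on this page;
# 2 and 3 are the remaining values in the kernel's Yama documentation).
ptrace_scope_meaning() {
    case "$1" in
        0) echo "classic: same-uid attach allowed" ;;
        1) echo "restricted: descendants or PR_SET_PTRACER only" ;;
        2) echo "admin-only: CAP_SYS_PTRACE required" ;;
        3) echo "no attach: ptrace attach disabled" ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# Runtime value; the default is the real procfs path.
runtime_ptrace_scope() {
    tr -d '[:space:]' < "${1:-/proc/sys/kernel/yama/ptrace_scope}"
}

# Persisted value: last kernel.yama.ptrace_scope assignment in DIR/*.conf,
# read in lexical filename order. Simplification: one directory only.
persisted_ptrace_scope() {
    dir="${1:-/etc/sysctl.d}"
    last=""
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*kernel\.yama\.ptrace_scope[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then last="$v"; fi
    done
    echo "$last"
}

# Report both values. Returns 0 when they agree, 1 when they differ (drift),
# 2 when nothing is persisted, 3 when the runtime value cannot be read.
audit_ptrace_scope() {
    run=$(runtime_ptrace_scope "$1") || return 3
    conf=$(persisted_ptrace_scope "$2")
    echo "runtime=$run ($(ptrace_scope_meaning "$run"))"
    [ -n "$conf" ] || { echo "persisted=<none>"; return 2; }
    echo "persisted=$conf ($(ptrace_scope_meaning "$conf"))"
    [ "$run" = "$conf" ]
}
```

Calling `audit_ptrace_scope` with no arguments checks the live host; a status of 1 means the running value and the persisted one disagree, so the setting will change at the next reboot or sysctl reload.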

karianna commented 2 months ago

Sorry, should have been clearer! Are we needing to debug with GDB on our build hosts? I'd have assumed we would debug on a separate development machine.

aswinkr77 commented 2 months ago

@karianna I'm not sure how this affects Adoptium. From our end (IBM), the development team has requested changes on our hosts. I guess more details can be provided by @AdamBrousseau on this.

AdamBrousseau commented 2 months ago

gdb was originally added via #3194. It is used on all the Semeru machines so developers are able to debug on any machine they reserve. It was added as an optional role so by default, I don't believe Adopt installs/uses it. We found an issue recently on Ubuntu and tracked it down to this ptrace value. This PR is simply adjusting the value so gdb will work properly on Ubuntu.

aswinkr77 commented 2 months ago

/thaw

karianna commented 2 months ago

Mac OS X 14 failed with a brew install task - unrelated.