By default, set the yama ptrace_scope configuration to "1" meaning to
only allow restricted ptrace attach to child processes. This is the
more secure default setting for the system.
Users can opt to change this setting by changing the sysctl option to
"0" if they need unrestricted ptrace attach properties for things like
debugging.
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-static
subpackages, etc.) have had theirRelease
tag incremented../cgmanifest.json
,./toolkit/scripts/toolchain/cgmanifest.json
,.github/workflows/cgmanifest.json
)./SPECS/LICENSES-AND-NOTICES/data/licenses.json
,./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md
,./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON
)*.signatures.json
filessudo make go-tidy-all
andsudo make go-test-coverage
passSummary
By default, set the yama ptrace_scope configuration to "1" meaning to only allow restricted ptrace attach to child processes. This is the more secure default setting for the system.
Users can opt to change this setting by changing the sysctl option to "0" if they need unrestricted ptrace attach properties for things like debugging.
Signed-off-by: Chris Co chrco@microsoft.com
Does this affect the toolchain?
YES
Associated issues
Test Methodology