summaryrefslogtreecommitdiff
path: root/gnu/build/activation.scm
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2015-04-12 15:33:42 +0200
committerLudovic Courtès <ludo@gnu.org>2015-04-12 15:33:42 +0200
commitb158f1d751b17acc1700fce9777d2b85ffa8e914 (patch)
treed010162076d1b77ba27de3b31e45a49bb7983a5e /gnu/build/activation.scm
parentce6fc7d6a5345fd1c28e1a59cca807e81244b3e2 (diff)
system: Allow users to PTRACE_ATTACH to their own processes.
* gnu/build/activation.scm (activate-ptrace-attach): New procedure. * gnu/system.scm (operating-system-activation-script): Use it.
Diffstat (limited to 'gnu/build/activation.scm')
-rw-r--r--gnu/build/activation.scm13
1 files changed, 13 insertions, 0 deletions
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index 64c3410baf..0c60355a1c 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -30,6 +30,7 @@
activate-/bin/sh
activate-modprobe
activate-firmware
+ activate-ptrace-attach
activate-current-system))
;;; Commentary:
@@ -335,6 +336,18 @@ by itself, without having to resort to a \"user helper\"."
(lambda (port)
(display directory port))))
+(define (activate-ptrace-attach)
+ "Allow users to PTRACE_ATTACH their own processes.
+
+This works around a regression introduced in the default \"security\" policy
+found in Linux 3.4 onward that prevents users from attaching to their own
+processes--see Yama.txt in the Linux source tree for the rationale. This
+sounds like an unacceptable restriction for little or no security
+improvement."
+ (call-with-output-file "/proc/sys/kernel/yama/ptrace_scope"
+ (lambda (port)
+ (display 0 port))))
+
(define %current-system
;; The system that is current (a symlink.) This is not necessarily the same