Yama: add additional ptrace scopes
authorKees Cook <keescook@chromium.org>
Mon, 16 Apr 2012 18:56:45 +0000 (11:56 -0700)
committerJames Morris <james.l.morris@oracle.com>
Thu, 19 Apr 2012 03:39:56 +0000 (13:39 +1000)
commit389da25f93eea8ff64181ae7e3e87da68acaef2e
tree09277860746b3372cbb49ea82868709cbae99ec3
parent8156b451f37898d3c3652b4e988a4d62ae16eaac
Yama: add additional ptrace scopes

This expands the available Yama ptrace restrictions to include two more
modes. Mode 2 requires CAP_SYS_PTRACE for PTRACE_ATTACH, and mode 3
completely disables PTRACE_ATTACH (and locks the sysctl).

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Documentation/security/Yama.txt
security/yama/yama_lsm.c