diff options
| author | Mark H Weaver <mhw@netris.org> | 2015-04-13 01:25:28 -0400 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2015-04-13 01:25:28 -0400 |
| commit | 1ca8ff285ba0f055fbaf314d8a23fadc25839135 (patch) | |
| tree | 365145d3f9e5f5009845c5fd9696c5083d734134 /gnu/build/activation.scm | |
| parent | 14fe9488f487e63f965b7ba103a95a38ba236569 (diff) | |
| parent | 4c9050c63d707222730fc6112415f4324e0c7c37 (diff) | |
| download | guix-1ca8ff285ba0f055fbaf314d8a23fadc25839135.tar.gz | |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/build/activation.scm')
| -rw-r--r-- | gnu/build/activation.scm | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm index 64c3410baf..0c60355a1c 100644 --- a/gnu/build/activation.scm +++ b/gnu/build/activation.scm @@ -30,6 +30,7 @@ activate-/bin/sh activate-modprobe activate-firmware + activate-ptrace-attach activate-current-system)) ;;; Commentary: @@ -335,6 +336,18 @@ by itself, without having to resort to a \"user helper\"." (lambda (port) (display directory port)))) +(define (activate-ptrace-attach) + "Allow users to PTRACE_ATTACH their own processes. + +This works around a regression introduced in the default \"security\" policy +found in Linux 3.4 onward that prevents users from attaching to their own +processes--see Yama.txt in the Linux source tree for the rationale. This +sounds like an unacceptable restriction for little or no security +improvement." + (call-with-output-file "/proc/sys/kernel/yama/ptrace_scope" + (lambda (port) + (display 0 port)))) + (define %current-system ;; The system that is current (a symlink.) This is not necessarily the same |