On Mon, Sep 08, 2025 at 06:11:51PM +0000, Christopher Klooz wrote:
> == Benefit to Fedora ==
>
> Increased security / additional security layer with regards to
> attacks/vulnerabilities related to `ptrace`, `kptr_restrict` and `bpf_jit`.

Note that the ptrace restriction is not limited to just the ptrace() system call. IIUC, it applies to any functionality in the kernel that checks against ptrace permissions.

For example, this will also block opening /proc/$PID/mem, and block use of process_vm_readv()/writev() syscalls. This is required to satisfy the security goal of the tunable, as a ptrace() restriction alone would trivially be bypassed via those other avenues.

Not a problem, just something worth noting as an effect of the change.

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
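The effect described in the message above can be checked on a given host. The following is an added example, not part of the original message or of the Fedora change proposal: it forks a target and a sibling prober under the same UID and records which of the three avenues the kernel refuses. The names `probe_sibling`, `try_avenues` and the `marker` value are constructed for the illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

enum { DENY_VMREAD = 1, DENY_PROCMEM = 2, DENY_PTRACE = 4 };
static int marker = 0x5eed; /* constructed value held in the target's memory */
/* Runs in the prober: returns a bitmask of the avenues the kernel refused. */
static int try_avenues(pid_t pid)
{
    int copy = 0, denied = 0;
    struct iovec local = { &copy, sizeof copy };
    struct iovec remote = { &marker, sizeof marker }; /* same address after fork */
    char path[64];
    if (process_vm_readv(pid, &local, 1, &remote, 1, 0) < 0 || copy != marker)
        denied |= DENY_VMREAD;
    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);
    if (open(path, O_RDONLY) < 0) /* the ptrace access check happens at open() */
        denied |= DENY_PROCMEM;
    /* Attach last: it stops the target; the prober's exit detaches it again. */
    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) < 0)
        denied |= DENY_PTRACE;
    return denied;
}

/* Fork a target, then a sibling prober (same UID, not the target's ancestor). */
int probe_sibling(void)
{
    int status = 0;
    pid_t target = fork();
    if (target < 0) return -1;
    if (target == 0) { pause(); _exit(0); }
    pid_t prober = fork();
    if (prober == 0) _exit(try_avenues(target));
    int ok = prober > 0 && waitpid(prober, &status, 0) == prober && WIFEXITED(status);
    kill(target, SIGKILL);
    waitpid(target, NULL, 0);
    return ok ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int d = probe_sibling();
    printf("refused avenues bitmask: %d\n", d);
    return d < 0;
}
```

If the restriction applies to the prober, all three bits should be set together (mask 7), matching the point in the message; a mask of 0 means none of the avenues was refused.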
