Hi Chris, On Tue, Nov 18, 2025 at 09:18:05AM +0000, Christopher Klooz wrote: > new title suggestion: > > > Restrict ptrace for unprivileged users to child processes by default, > > following ArchLinux,openSuSE,Ubuntu and kernel default (mitigates attack > > vectors)
Again, way too long. Also somewhat misleading to call it "kernel default". The kernel default is following the normal unix restrictions for certain syscalls. On top of that you can choose to add selinux, apparmor or yama LSMs. And different distros provide different default mandatory access control policies. Your suggestion is to adopt a different default policy that more aligns to what you believe some other distros, but not others, do. But all that doesn't have to go into the title, it can just be explained in your detailed description (it you feel that is really relevant). Cheers, Mark -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
