Hrm, this looks like it might be a legit regression. 4.4.0-8 passes the
test, while 4.4.0-9.X is failing. In both instances,
/proc/sys/kernel/yama/ptrace_scope is set to 1. It looks like cousin
processes are allowed to ptrace each other, which yama's ptrace
restrictions should prevent.

Looking at the git commits between tags Ubuntu-4.4.0-8.23 and
Ubuntu-4.4.0-9.24, the following commits stand out as being ptrace
relevant:

  commit 969624b7c1c8c9784651eb97431e6f2bbb7a024c
  Author: Jann Horn <j...@thejh.net>
  Date:   Wed Jan 20 15:00:04 2016 -0800
  ptrace: use fsuid, fsgid, effective creds for fs access checks
  upstream commit caaee6234d05a58c5b4d05e7bf766131b810a657 upstream.

and

  commit a76b8ce7ad1f65a96638f161ff83075de04ec9cc
  Author: Jann Horn <j...@thejh.net>
  Date:   Sat Dec 12 21:12:41 2015 +0100
  UBUNTU: SAUCE: (noup) ptrace: being capable wrt a process requires mapped uids/gids
  upstream reference https://lkml.org/lkml/2015/12/12/259

But it's not obvious to me why either commit would break this.

** Summary changed:

- linux: ADT test failures with 4.4.0-9.X
+ linux:  4.4.0-9.X fails yama ptrace restrictions tests

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1551894

Title:
  linux:  4.4.0-9.X fails yama ptrace restrictions tests

Status in linux package in Ubuntu:
  Incomplete

Bug description:
  15:55:46 ERROR| [stderr] FAIL: test_093_ptrace_restriction (__main__.KernelSecurityTest)
  15:55:46 ERROR| [stderr] ptrace allowed only on children or declared processes

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1551894/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
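As an added example that is not part of this bug report or of the kernel's own test suite: a small C program that reproduces the check behind test_093_ptrace_restriction by having one sibling process try PTRACE_ATTACH on another, first undeclared and then after the tracee permits any tracer with PR_SET_PTRACER_ANY. It assumes Linux with Yama and an unprivileged caller (CAP_SYS_PTRACE bypasses scope 1); with ptrace_scope=1 the undeclared attach must fail with EPERM, and a 0 there is the regression the comment describes.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
/* Read /proc/sys/kernel/yama/ptrace_scope; returns -1 if Yama is absent. */
int read_ptrace_scope(void) {
    int scope = -1;
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    if (f) { if (fscanf(f, "%d", &scope) != 1) scope = -1; fclose(f); }
    return scope;
}
/* Fork a tracee and a tracer that are siblings, so neither is an ancestor of the
 * other (the "cousin" case from the bug comment). If declare != 0 the tracee first
 * permits any tracer. Returns 0 on attach success, the tracer's errno, or -1. */
int sibling_attach_errno(int declare) {
    int ready[2], st, result = -1; char c;
    if (pipe(ready)) return -1;
    pid_t tracee = fork();
    if (tracee == 0) {                /* tracee: declare, signal ready, then idle */
        if (declare) prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY, 0, 0, 0);
        if (write(ready[1], "r", 1) != 1) _exit(1);
        for (;;) pause();
    }
    if (tracee < 0 || read(ready[0], &c, 1) != 1) return -1;
    pid_t tracer = fork();
    if (tracer == 0) {                /* tracer: attempt the attach, report errno */
        int err = 0;
        if (ptrace(PTRACE_ATTACH, tracee, NULL, NULL) == -1) err = errno;
        else if (waitpid(tracee, &st, 0) == tracee) ptrace(PTRACE_DETACH, tracee, NULL, NULL);
        _exit(err);
    }
    if (tracer > 0 && waitpid(tracer, &st, 0) == tracer && WIFEXITED(st)) result = WEXITSTATUS(st);
    kill(tracee, SIGKILL); waitpid(tracee, NULL, 0);   /* tear down the idle tracee */
    close(ready[0]); close(ready[1]);
    return result;
}
int main(void) {
    int scope = read_ptrace_scope();
    int undeclared = sibling_attach_errno(0), declared = sibling_attach_errno(1);
    printf("ptrace_scope=%d undeclared=%d declared=%d\n", scope, undeclared, declared);
    /* At scope 1 without CAP_SYS_PTRACE the regression shows up as undeclared == 0. */
    if (scope == 1) puts(undeclared == EPERM && declared == 0 ? "yama OK" : "yama restriction NOT enforced");
    return 0;
}
```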
