From d3ccd1aa2fc906dd71d44b29dc9b7817c05cfa03 Mon Sep 17 00:00:00 2001 From: Niklas Sombert Date: Thu, 30 Nov 2023 12:55:27 +0100 Subject: [PATCH] nixos/sysctl: Move changelog entry for yama #256159 removed the default settings disabling it, but it was not merged in time for 23.11. --- nixos/doc/manual/release-notes/rl-2311.section.md | 5 ----- nixos/doc/manual/release-notes/rl-2405.section.md | 5 +++++ 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index 78e02c9d2446..fb663b7894d8 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md @@ -509,11 +509,6 @@ Make sure to also check the many updates in the [Nixpkgs library](#sec-release-2 - Package `cloud-sql-proxy` was renamed to `google-cloud-sql-proxy` as it cannot be used with other cloud providers. -- The Yama LSM is now enabled by default in the kernel, which prevents ptracing - non-child processes. This means you will not be able to attach gdb to an - existing process, but will need to start that process from gdb (so it is a - child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0. - - Package `pash` was removed due to being archived upstream. Use `powershell` as an alternative. diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index b6b343145d78..6c697b580838 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md 
@@ -30,3 +30,8 @@ In addition to numerous new and upgraded packages, this release has the followin - Programs written in [Nim](https://nim-lang.org/) are built with libraries selected by lockfiles. The `nimPackages` and `nim2Packages` sets have been removed. See https://nixos.org/manual/nixpkgs/unstable#nim for more information. + +- The Yama LSM is now enabled by default in the kernel, which prevents ptracing + non-child processes. This means you will not be able to attach gdb to an + existing process, but will need to start that process from gdb (so it is a + child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.
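Review bot: In the entry added to rl-2405.section.md, "The Yama LSM is now enabled by default in the kernel" does not say what changed on the NixOS side. Going by the commit message, #256159 removed the default settings that disabled Yama, so the entry would be clearer if it said that those NixOS defaults are gone and the kernel's own default now applies. The closing sentence, "Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0", is a fragment and gives the opt-out without its cost: a value of 0 again lets a process ptrace any other process of the same user, for the whole system and not only for a debugging session. Suggest joining it to the previous sentence and saying that it lifts the restriction system-wide. The entry is appended after the Nim item and the visible context shows no section heading, so please check that it lands in the same kind of list as in rl-2311, where it sat among the package rename and removal entries.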