[PATCH v2 1/1] mm/madvise: replace ptrace attach requirement for process_madvise

James Morris jmorris at namei.org
Wed Jan 20 05:01:13 UTC 2021

On Mon, 11 Jan 2021, Suren Baghdasaryan wrote:

> Replace PTRACE_MODE_ATTACH with a combination of PTRACE_MODE_READ
> and CAP_SYS_NICE. PTRACE_MODE_READ to prevent leaking ASLR metadata
> and CAP_SYS_NICE for influencing process performance.

Almost missed these -- please cc the LSM mailing list when modifying 
capabilities or other LSM-related things.

James Morris
<jmorris at namei.org>

More information about the Linux-security-module-archive mailing list