Ptrace Protection with Yama LSM( Non Broker ) = No in chrome://sandbox/ with linux-hardened and setting sysctl kernel.unprivileged_userns_clone = 1

Question

Ptrace Protection with Yama LSM( Non Broker ) = No in chrome://sandbox/ with linux-hardened and setting sysctl kernel.unprivileged_userns_clone = 1

Anish-M-code opened this issue 2 years ago · comments

I have no idea if the above is an issue that needs fixing or anything to worry about at all. So some feedback would be appreciated.
I have also ensured that yama lsm is enabled in boot parameters and set sysctl value kernel.yama.ptrace_scope = 3 to ensure yama lsm works.

networkException · Answer 1 · Fri Mar 25 2022 22:56:14 GMT+0800 (China Standard Time)

The same protections apply to a vanilla extra/chromium installation, if you have concerns about that please file an issue in the Arch Linux bugtracker

ANISH M · Answer 2 · Sat Mar 26 2022 00:40:13 GMT+0800 (China Standard Time)

Thanks for guiding me @networkException .