[Lxc-users] Setting yama/ptrace_scope to 0 inside container?
Serge Hallyn
serge.hallyn at canonical.com
Thu Sep 13 13:01:17 UTC 2012
Quoting Dan Kegel (dank at kegel.com):
> I'd like to strace a stray process, but in Ubuntu 12.04, to do that
> you have to do
>
> echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope
>
> This fails inside an LXC (ephemeral) container.
>
> But since there's only one kernel, you can do that in the host, and
> it will affect the containers as well.
>
> At least for now. There's some talk of changing that
> ( http://www.openwall.com/lists/kernel-hardening/2011/11/23/1 /
> http://lkml.indiana.edu/hypermail/linux/kernel/1111.2/03494.html )
>
> Is there an LXC FAQ somewhere for tidbits like this?
Not that I know of.
-serge
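
Added example (not part of the original messages, and not LXC project code): a shell check that reports the current Yama ptrace_scope value, what that value permits, and whether the sysctl file looks writable from where the script runs, host or container. The function names and the optional path argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: inspect the Yama ptrace_scope sysctl from a host or container.
# Function names and the optional path argument are hypothetical; the argument
# exists so the logic can be exercised on a constructed file.

YAMA_SYSCTL=/proc/sys/kernel/yama/ptrace_scope

# Map a ptrace_scope value to a one-word policy name.
ptrace_scope_meaning() {
    case "$1" in
        0) echo classic ;;     # attach allowed to same-uid, dumpable processes
        1) echo restricted ;;  # attach only to own descendants, or to a process
                               # that named the tracer via prctl(PR_SET_PTRACER);
                               # CAP_SYS_PTRACE bypasses the restriction
        2) echo admin-only ;;  # only tracers holding CAP_SYS_PTRACE may attach
        3) echo no-attach ;;   # attach disabled; cannot be changed once set
        *) echo unknown ;;
    esac
}

# Print "<value> <meaning> <writable|read-only>", or "absent" when the file
# does not exist (Yama not enabled in the running kernel).
# Note: -w reflects file mode and read-only mounts only; the kernel can still
# refuse a write for other reasons, for example missing capabilities.
ptrace_scope_report() {
    f=${1:-$YAMA_SYSCTL}
    if [ ! -r "$f" ]; then
        echo absent
        return 0
    fi
    v=$(tr -d ' \n' < "$f")
    if [ -w "$f" ]; then w=writable; else w=read-only; fi
    echo "$v $(ptrace_scope_meaning "$v") $w"
}

# Report the state of the environment this script runs in.
ptrace_scope_report
```

Run it once on the host and once inside the container: the value matches in both because the kernel is shared, while the writability column can differ.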