File yama-disable-ptrace-scope.spec of Package yama-disable-ptrace-scope
#
# spec file for package yama-disable-ptrace-scope
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: yama-disable-ptrace-scope
Version: 0.1
Release: 0
Summary: Set kernel.yama.ptrace_scope = 0
License: MIT
BuildRequires: aaa_base
Requires: procps
BuildRequires: procps
Requires: this-is-only-for-build-envs
BuildArch: noarch
%description
openSUSE now provides a security feature to disable ptrace on sibling
processes in order to increase security. However, some packages
requires this functionality to be enabled in order for their tests to
run as intended.
%prep
%build
%install
%post
# check if yama is active
if [ -f /proc/sys/kernel/yama/ptrace_scope ]; then
# automatically disable ptrace protection upon install if systemd is not
# available. Usually system will automatically apply the setting
if ! type -p systemd-notify > /dev/null || ! systemd-notify --booted; then
# don't do it on transactional systems to avoid altering the state of the
# system before reboot
if [ -z "${TRANSACTIONAL_UPDATE}" ]; then
# can't use sysctl since that would cause us to require procps, which is
# bad for container size
echo 0 > /proc/sys/kernel/yama/ptrace_scope || :
fi
fi
fi
# Do not remove %files, else the package is not generated.
%files
