From: Ben Hutchings <ben@decadent.org.uk>
Subject: yama: Disable by default
Date: Wed, 19 Jun 2013 04:35:28 +0100
Bug-Debian: https://bugs.debian.org/712740
Forwarded: not-needed

--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -24,7 +24,7 @@
 #define YAMA_SCOPE_CAPABILITY	2
 #define YAMA_SCOPE_NO_ATTACH	3
 
-static int ptrace_scope = YAMA_SCOPE_RELATIONAL;
+static int ptrace_scope = YAMA_SCOPE_DISABLED;
 
 /* describe a ptrace relationship for potential exception */
 struct ptrace_relation {
@@ -425,7 +425,7 @@ static __init int yama_init(void)
 		return 0;
 #endif
 
-	printk(KERN_INFO "Yama: becoming mindful.\n");
+	printk(KERN_INFO "Yama: disabled by default; enable with sysctl kernel.yama.*\n");
 
 #ifndef CONFIG_SECURITY_YAMA_STACKED
 	if (register_security(&yama_ops))