Bug 821499 - launching sandbox as non-root should retain CAP_SYS_PTRACE capabilities to bypass yama ptrace_scope
Status: CONFIRMED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core - Ebuild Support
Hardware: All Linux
Importance: Normal normal with 1 vote
Assignee: Portage team
Duplicates: 916316
Blocks: 771360 821403
Reported: 2021-11-03 16:57 UTC by SpanKY
Modified: 2023-10-28 04:39 UTC
Description SpanKY gentoo-dev 2021-11-03 16:57:39 UTC
When running as non-root (i.e. w/out CAP_SYS_PTRACE caps), yama ptrace_scope settings restrict the ability to trace static programs. Portage, when setting up such an environment, should pass these caps down before running sandbox so that we can keep tracing programs.
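Added example (not part of the bug report and not Portage or sandbox code): a diagnostic that reads a process's capability masks and the Yama ptrace_scope value to tell whether tracing is available and whether CAP_SYS_PTRACE would survive into an exec'd child. It goes beyond the description by spelling out the four Yama modes from the kernel documentation; the function names and the sample status text are constructed for illustration.

```python
CAP_SYS_PTRACE = 19  # bit number from <linux/capability.h>

# Constructed sample of the Cap* lines in /proc/<pid>/status for a non-root
# process holding CAP_SYS_PTRACE in its permitted, effective and ambient sets.
SAMPLE_STATUS = """\
CapInh:\t0000000000080000
CapPrm:\t0000000000080000
CapEff:\t0000000000080000
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000080000
"""

def parse_caps(status_text):
    """Map each Cap* field of a /proc/<pid>/status dump to its integer mask."""
    caps = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key.startswith("Cap"):
            caps[key] = int(value.strip(), 16)
    return caps

def has_ptrace_cap(caps, field):
    return bool(caps.get(field, 0) >> CAP_SYS_PTRACE & 1)

def tracing_verdict(scope, caps):
    """Classify ptrace availability for a kernel.yama.ptrace_scope value."""
    if scope == 3:
        return "blocked"            # mode 3: no attach, capability does not help
    if has_ptrace_cap(caps, "CapEff"):
        return "allowed"            # CAP_SYS_PTRACE bypasses modes 1 and 2
    if scope == 2:
        return "blocked"            # admin-only: PTRACE_ATTACH and TRACEME denied
    # mode 1 limits PTRACE_ATTACH to descendants or declared tracers; mode 0 is classic
    return "descendants-only" if scope == 1 else "classic"

def survives_exec(caps):
    """Non-root, no file caps on the binary: only the ambient set is kept by execve()."""
    return has_ptrace_cap(caps, "CapAmb")

if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        caps = parse_caps(fh.read())
    try:
        with open("/proc/sys/kernel/yama/ptrace_scope") as fh:
            scope = int(fh.read())
    except FileNotFoundError:       # Yama LSM not enabled
        scope = 0
    print(tracing_verdict(scope, caps), "survives exec:", survives_exec(caps))
```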
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-10-28 04:39:14 UTC
*** Bug 916316 has been marked as a duplicate of this bug. ***