923798 – net-libs/webkit-gtk-2.42.4-r410 compilation error

Bug 923798 - net-libs/webkit-gtk-2.42.4-r410 compilation error

Summary: net-libs/webkit-gtk-2.42.4-r410 compilation error

Status:	RESOLVED DUPLICATE of bug 771360

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	AMD64 Linux

Importance:	Normal normal
Assignee:	Gentoo Linux bug wranglers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2024-02-04 20:56 UTC by Nick Soveiko
Modified:	2024-02-07 00:33 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
build.log (build.log.gz,78.17 KB, application/gzip) 2024-02-04 20:56 UTC, Nick Soveiko	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Nick Soveiko 2024-02-04 20:56:25 UTC

net-libs/webkit-gtk-2.42.4-r410 compilation produces an error while processing JavaScriptCore-4.1. 2.42.3-r410 results in the exact the same error.

Reproducible: Always

Steps to Reproduce:
1. emerge =net-libs/webkit-gtk-2.42.4-r410
2. 
3.
Actual Results:  
ninja: build stopped: subcommand failed.
 * ERROR: net-libs/webkit-gtk-2.42.4-r410::gentoo failed (compile phase):
 *   ninja -v -j8 -l9 failed
 * 
 * Call stack:
 *     ebuild.sh, line  136:  Called src_compile
 *   environment, line 3931:  Called cmake_src_compile
 *   environment, line 1769:  Called cmake_build
 *   environment, line 1736:  Called eninja
 *   environment, line 2212:  Called die
 * The specific snippet of code:
 *       "$@" || die -n "${*} failed"


Expected Results:  
successful build and install

$ emerge --info '=net-libs/webkit-gtk-2.42.4-r410::gentoo'
Portage 3.0.61 (python 3.11.7-final-0, default/linux/amd64/17.1/no-multilib, gcc-13, glibc-2.38-r10, 6.1.74-gentoo-ns x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-6.1.74-gentoo-ns-x86_64-Intel-R-_Core-TM-_i3-10105_CPU_@_3.70GHz-with-glibc2.38
KiB Mem:    16193820 total,  11174708 free
KiB Swap:    8388604 total,   7591164 free
Timestamp of repository gentoo: Sun, 04 Feb 2024 12:30:01 +0000
Head commit of repository gentoo: ba036748cb5644505a985c26c79138ff2197b868
Timestamp of repository guru: Fri, 02 Feb 2024 06:33:11 +0000
Head commit of repository guru: 1af9353e24db57f672ffe0a6fe32ad1bd18c9e9f

Timestamp of repository nest: Wed, 31 Jan 2024 14:07:12 +0000
Head commit of repository nest: 832e2d2197b0bb654de5e6f876d7fa8de5779adf

sh bash 5.1_p16-r6
ld GNU ld (Gentoo 2.41 p4) 2.41.0
app-misc/pax-utils:        1.3.7::gentoo
app-shells/bash:           5.1_p16-r6::gentoo
dev-build/autoconf:        2.13-r8::gentoo, 2.71-r6::gentoo
dev-build/automake:        1.16.5-r2::gentoo
dev-build/cmake:           3.27.9::gentoo
dev-build/libtool:         2.4.7-r1::gentoo
dev-build/make:            4.4.1-r1::gentoo
dev-build/meson:           1.3.0-r2::gentoo
dev-lang/perl:             5.38.2-r1::gentoo
dev-lang/python:           3.11.7::gentoo, 3.12.1_p1::gentoo
dev-lang/rust-bin:         1.74.1::gentoo
sys-apps/baselayout:       2.14-r1::gentoo
sys-apps/openrc:           0.53::gentoo
sys-apps/sandbox:          2.38::gentoo
sys-devel/binutils:        2.41-r3::gentoo
sys-devel/binutils-config: 5.5::gentoo
sys-devel/clang:           15.0.7-r3::gentoo, 16.0.6::gentoo, 17.0.6::gentoo
sys-devel/gcc:             13.2.1_p20240113-r1::gentoo
sys-devel/gcc-config:      2.11::gentoo
sys-devel/lld:             15.0.7::gentoo, 17.0.6::gentoo
sys-devel/llvm:            15.0.7-r3::gentoo, 16.0.6::gentoo, 17.0.6::gentoo
sys-kernel/linux-headers:  6.6::gentoo (virtual/os-headers)
sys-libs/glibc:            2.38-r10::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    volatile: False
    sync-rsync-extra-opts: 
    sync-rsync-verify-jobs: 1
    sync-rsync-verify-max-age: 24
    sync-rsync-verify-metamanifest: yes

guru
    location: /var/db/repos/guru
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/guru.git
    masters: gentoo
    volatile: False

local
    location: /var/db/repos/local
    masters: gentoo
    volatile: False

nest
    location: /var/db/repos/nest
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/nest.git
    masters: gentoo
    volatile: False

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=native -mtune=native -mharden-sls=all"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/applications/google-chrome.desktop /usr/share/applications/signal-desktop.desktop /usr/share/easy-rsa /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=native -mtune=native -mharden-sls=all"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS=" --jobs 4 --load-average 8 --ask y --ask-enter-invalid --alert y"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-O2 -pipe -march=native -mtune=native -mharden-sls=all"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg-live config-protect-if-modified distlocks downgrade-backup ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict suidctl unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe -march=native -mtune=native -mharden-sls=all"
GENTOO_MIRRORS="https://tux.rainside.sk/gentoo/ https://gentoo.mirror.root.lu/ https://mirror.leaseweb.com/gentoo/"
LANG="en_CA.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LEX="flex"
MAKEOPTS="-j8 -l9"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/bash"
USE="X a52 aac acl acpi alsa amd64 apparmor bash-completion bindist bluetooth branding bzip2 cairo cdda cddb cdr cli crypt cups dbus dri dts dvb dvd dvdr elogind emboss encode exif ffmpeg flac fortran fuse gdbm gif gpm gtk gui hddtemp iconv icu idn jpeg lcms libglvnd libnotify libtirpc lm-sensors mad mbox mng modules-sign mp3 mp4 mpeg mtp ncurses nls nptl ogg opencl opengl openmp pam pango pcre pdf png policykit ppds qt5 readline replaygain sdl seccomp spell split-usr ssl startup-notification svg system-icu system-jpeg system-png system-sqlite test-rust tiff truetype udev udisks unicode upower usb v4l vaapi vorbis vulkan webp wxwidgets x264 xattr xcb xfce xinerama xml xv xvid zlib" ABI_X86="64" ADA_TARGET="gnat_2021" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 aes avx avx2 f16c fma3 pclmul popcnt rdrand sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 ntrip navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en en-CA" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-1" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_11" PYTHON_TARGETS="python3_11" RUBY_TARGETS="ruby31" VIDEO_CARDS="intel i965 iris vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PYTHONPATH, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS

$ emerge -pqv '=net-libs/webkit-gtk-2.42.4-r410::gentoo'
[ebuild  NS   ] net-libs/webkit-gtk-2.42.4-r410 [2.42.4] USE="X gstreamer introspection jpeg2k jumbo-build lcms pdf (seccomp) spell (-aqua) -avif -examples -gamepad -jpegxl -keyring -systemd -wayland"

Comment 1 Nick Soveiko 2024-02-04 20:56:55 UTC

Created attachment 884242 [details]
build.log

Comment 2 Sam James archtester

2024-02-04 20:57:58 UTC

[31mFAILED: [0mJavaScriptCore-4.1.gir /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCore-4.1.gir 
cd /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4 && /usr/bin/cmake -E env CC=/usr/bin/x86_64-pc-linux-gnu-gcc "CFLAGS=-fdiagnostics-color=always -Wextra -Wall -pipe -fmax-errors=20 -Wno-expansion-to-defined -Wno-psabi -Wno-misleading-indentation -Wno-maybe-uninitialized -Wundef -Wpointer-arith -Wmissing-format-attribute -Wformat-security -Wcast-align -Wno-tautological-compare -O2 -pipe -march=native -mtune=native -mharden-sls=all -fno-strict-aliasing -fno-exceptions" /usr/bin/g-ir-scanner --quiet --warn-all --warn-error --no-libtool --output=/var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCore-4.1.gir --library=javascriptcoregtk-4.1 --library-path=/var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/lib --namespace=JavaScriptCore --nsversion=4.1 --c-include=jsc/jsc.h --identifier-prefix=JSC --symbol-prefix=jsc --pkg-export=javascriptcoregtk-4.1 -DBUILDING_JavaScriptCore -DBUILDING_WITH_CMAKE=1 -DBUILDING_WEBKIT=1 -DHAVE_CONFIG_H=1 -DPAS_BMALLOC=1 -DBUILDING_GTK__=1 -DGETTEXT_PACKAGE=\"WebKitGTK-4.1\" -DJSC_GLIB_API_ENABLED -DBWRAP_EXECUTABLE=\"/usr/bin/bwrap\" -DDBUS_PROXY_EXECUTABLE=\"/usr/bin/xdg-dbus-proxy\" -DSTATICALLY_LINKED_WITH_WTF -DSTATICALLY_LINKED_WITH_bmalloc -I/var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCore/Headers --sources-top-dirs=/var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4 --include=GObject-2.0 --pkg=gobject-2.0 -I/var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCore/Headers -I/var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCore/PrivateHeaders -I/var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/Headers -I/var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSCOptions.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCVersion.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSCAutocleanups.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCClass.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCContext.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCDefines.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCException.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCValue.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCVirtualMachine.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCWeakValue.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/jsc.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/runtime/CachedTypes.cpp /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCore/DerivedSources/JSCBytecodeCacheVersion.cpp /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCore/DerivedSources/JSCBuiltins.cpp /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSAPIWrapperGlobalObject.cpp /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSAPIWrapperObjectGLib.cpp /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSCCallbackFunction.cpp /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSCClass.cpp /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSCContext.cpp /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSCException.cpp /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSCOptions.cpp /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSCValue.cpp /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSCVersion.cpp /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSCVirtualMachine.cpp /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSCWeakValue.cpp /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSCWrapperMap.cpp /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSCOptions.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCVersion.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/Source/JavaScriptCore/API/glib/JSCAutocleanups.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCClass.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCContext.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCDefines.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCException.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCValue.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCVirtualMachine.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/JSCWeakValue.h /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4_build/JavaScriptCoreGLib/DerivedSources/jsc/jsc.h
/usr/lib64/libsandbox.so(+0xd195)[0x7f093ab8f195]
/usr/lib64/libsandbox.so(+0xd2ad)[0x7f093ab8f2ad]
/usr/lib64/libsandbox.so(+0x7548)[0x7f093ab89548]
/usr/lib64/libsandbox.so(+0x7ae1)[0x7f093ab89ae1]
/usr/lib64/libsandbox.so(+0x8a17)[0x7f093ab8aa17]
/usr/lib64/libsandbox.so(execve+0x4f)[0x7f093ab8d74f]
/bin/bash(+0x26c52)[0x555ab9c79c52]
/bin/bash(+0x275ec)[0x555ab9c7a5ec]
/bin/bash(+0x2aa06)[0x555ab9c7da06]
/bin/bash(+0x7d819)[0x555ab9cd0819]
/proc/3699/cmdline: /bin/bash /usr/bin/ldd /var/tmp/portage/net-libs/webkit-gtk-2.42.4-r410/work/webkitgtk-2.42.4/tmp-introspecta5ui_t9b/JavaScriptCore-4.1 

ERROR: can't resolve libraries to shared libraries: javascriptcoregtk-4.1

Comment 3 Sam James archtester

2024-02-04 20:58:14 UTC

Have you done something like disable ptracing via the yama kernel config options/sysctls? sandbox needs it.

Comment 4 Nick Soveiko 2024-02-04 21:16:01 UTC

(In reply to Sam James from comment #3)

hmmm, indeed:

$ cat /proc/sys/kernel/yama/ptrace_scope 
3

so, what value is needed then? i'm dubious about setting it to 0...

-------------------------------------------------------------------------
For this particular key there are four valid options: 0-3

    kernel.yama.ptrace_scope = 0: all processes can be debugged, as long as they have same uid. This is the classical way of how ptracing worked.
    kernel.yama.ptrace_scope = 1: only a parent process can be debugged.
    kernel.yama.ptrace_scope = 2: Only admin can use ptrace, as it required CAP_SYS_PTRACE capability.
    kernel.yama.ptrace_scope = 3: No processes may be traced with ptrace. Once set, a reboot is needed to enable ptracing again.
-------------------------------------------------------------------------
source: https://linux-audit.com/protect-ptrace-processes-kernel-yama-ptrace_scope/

Comment 5 Sam James archtester

2024-02-07 00:33:29 UTC

(In reply to Nick Soveiko from comment #4)
> (In reply to Sam James from comment #3)
> 
> hmmm, indeed:
> 
> $ cat /proc/sys/kernel/yama/ptrace_scope 
> 3
> 
> so, what value is needed then? i'm dubious about setting it to 0...
> 
> -------------------------------------------------------------------------
> For this particular key there are four valid options: 0-3
> 
>     kernel.yama.ptrace_scope = 0: all processes can be debugged, as long as
> they have same uid. This is the classical way of how ptracing worked.
>     kernel.yama.ptrace_scope = 1: only a parent process can be debugged.
>     kernel.yama.ptrace_scope = 2: Only admin can use ptrace, as it required
> CAP_SYS_PTRACE capability.
>     kernel.yama.ptrace_scope = 3: No processes may be traced with ptrace.
> Once set, a reboot is needed to enable ptracing again.
> -------------------------------------------------------------------------
> source:
> https://linux-audit.com/protect-ptrace-processes-kernel-yama-ptrace_scope/

I think you have to do 0 or 1 for now, see bug 771360.

*** This bug has been marked as a duplicate of bug 771360 ***