elfutils currently ships a subpackage, elfutils-default-yama-scope, whose sole content is a sysctl file that sets kernel.yama.ptrace_scope=0 (disabling yama's non-child ptrace restrictions). elfutils-libs hard-Requires this subpackage, and because elfutils-libs is pulled in transitively by systemd, every Fedora system ends up with yama disabled today.

Starting with Fedora 45 elfutils-0.195-1:

- elfutils-default-yama-scope is renamed to yama-ptrace-enable.
- elfutils-libs no longer Requires it; the old subpackage is Obsoleted to clean up on upgrade.
- The main elfutils package gains Recommends: yama-ptrace-enable, and separate bugs are being filed against other debugger-type packages (gdb, strace, systemtap, etc.) to do the same.

Net effect: systems without any debugger-type package installed will run with yama's kernel default (ptrace_scope=1, child-only). Systems with a debugger installed keep full non-child ptrace functionality via the Recommends.

FESCo Change: https://fedoraproject.org/wiki/Changes/Restrict_ptrace_by_default
FESCo issue: https://pagure.io/fesco/issue/3569
Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=2448388

(In reply to Aaron Merey from comment #0)
> Starting with Fedora 45 elfutils-0.195-1:
>
> - elfutils-default-yama-scope is renamed to yama-ptrace-enable.

The elfutils-default-yama-scope package Provides default-yama-scope. default-yama-scope is what other packages Require or Recommend. Do we really need to rename that? The name doesn't change what it does and it seems unnecessary make work.

Rest is fine of course.

The name was chosen to communicate intent/outcome, not just subject matter.
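
The net effect described in comment #0 depends on which sysctl drop-in, if any, sets kernel.yama.ptrace_scope on a given system. The following is an added example, not code from this thread or from elfutils: it resolves the winning assignment using the sysctl.d(5) precedence rules. The function names, the three-directory search list and the drop-in file names in `demo()` are assumptions constructed for illustration.

```python
import os
import tempfile

KEY = "kernel.yama.ptrace_scope"
# Drop-in directories, highest priority first (sysctl.d(5)); assumed search list.
DEFAULT_DIRS = ("/etc/sysctl.d", "/run/sysctl.d", "/usr/lib/sysctl.d")
MEANING = {"0": "classic: any same-uid process may attach",
           "1": "restricted: descendants only (kernel default)",
           "2": "admin-only: CAP_SYS_PTRACE required",
           "3": "no attach"}

def effective_ptrace_scope(dirs=DEFAULT_DIRS):
    """Return (value, path) of the drop-in assignment that wins, or (None, None)."""
    chosen = {}  # file name -> path; a higher-priority directory masks same-named files
    for d in dirs:
        if os.path.isdir(d):
            for name in os.listdir(d):
                if name.endswith(".conf"):
                    chosen.setdefault(name, os.path.join(d, name))
    result = (None, None)
    for name in sorted(chosen):  # files apply in name order, so the last assignment wins
        with open(chosen[name], encoding="utf-8", errors="replace") as fh:
            for line in fh:
                line = line.strip()
                if not line or line[0] in "#;" or "=" not in line:
                    continue
                key, value = (part.strip() for part in line.split("=", 1))
                if key.lstrip("-").replace("/", ".") == KEY:
                    result = (value, chosen[name])
    return result

def demo():
    """Constructed tree: a vendor drop-in sets 0, a later admin drop-in sets 1."""
    root = tempfile.mkdtemp()
    files = {"usr/lib/sysctl.d/10-constructed-debug.conf": KEY + " = 0\n",
             "etc/sysctl.d/90-constructed-admin.conf": "# local policy\n" + KEY + "=1\n"}
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    dirs = [os.path.join(root, d) for d in ("etc/sysctl.d", "usr/lib/sysctl.d")]
    return effective_ptrace_scope(dirs)

if __name__ == "__main__":
    value, source = effective_ptrace_scope()
    print("configured:", value, MEANING.get(value, "no drop-in sets it"), source)
    try:
        with open("/proc/sys/kernel/yama/ptrace_scope") as fh:
            print("running kernel:", fh.read().strip())
    except OSError:
        print("running kernel: Yama not available")
```

Run directly, it prints the configured value with the file that sets it, next to the value the running kernel reports, so a mismatch between package state and runtime state is visible.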