From e3985b28a0d70a66fd9c768bac19feab241210ad Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo
Date: Wed, 17 Jul 2024 13:10:59 +0200
Subject: [PATCH] Allow ptrace to any process of the same user

Allows users to attach GDB to their own processes, without requiring running the program with GDB from the start.
---
 m/common/base/boot.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/m/common/base/boot.nix b/m/common/base/boot.nix
index a3408ab..0fb0855 100644
--- a/m/common/base/boot.nix
+++ b/m/common/base/boot.nix
@@ -19,6 +19,10 @@

 boot.kernel.sysctl = {
 "kernel.perf_event_paranoid" = lib.mkDefault "-1";
+
+ # Allow ptracing (i.e. attach with GDB) any process of the same user, see:
+ # https://www.kernel.org/doc/Documentation/security/Yama.txt
+ "kernel.yama.ptrace_scope" = "0";
 };

 boot.kernelPackages = pkgs.linuxPackages_latest;
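Review bot: The added `"kernel.yama.ptrace_scope" = "0";` in `boot.kernel.sysctl` is set unconditionally in the common base module, unlike the `lib.mkDefault` used for `kernel.perf_event_paranoid` on the line above, so a host that wants to keep ptrace restricted has to reach for `lib.mkForce`. With scope 0 any process may attach to any other dumpable process of the same uid, which the linked Yama document describes as letting one compromised program read credentials out of that user's other running processes (SSH sessions, GPG agent and the like). I would write `"kernel.yama.ptrace_scope" = lib.mkDefault "0";` and extend the comment with the trade-off, e.g. `# NOTE: weakens isolation between a user's own processes; override to "1" on hosts that do not need attach-debugging`. Whether this module is also imported by login or externally reachable machines is not visible from this hunk, so the per-host override is worth confirming.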