diff --git a/m/bay/configuration.nix b/m/bay/configuration.nix
index 6aabe6b..5f215cf 100644
--- a/m/bay/configuration.nix
+++ b/m/bay/configuration.nix
@@ -9,6 +9,10 @@
 # Select the this using the ID to avoid mismatches
 boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53562d";
+ boot.kernel.sysctl = {
+ "kernel.yama.ptrace_scope" = lib.mkForce "1";
+ };
+
 environment.systemPackages = with pkgs; [
 ceph
 ];
diff --git a/m/common/base/boot.nix b/m/common/base/boot.nix
index a3408ab..0fb0855 100644
--- a/m/common/base/boot.nix
+++ b/m/common/base/boot.nix
@@ -19,6 +19,10 @@
 boot.kernel.sysctl = {
 "kernel.perf_event_paranoid" = lib.mkDefault "-1";
+
+ # Allow ptracing (i.e. attach with GDB) any process of the same user, see:
+ # https://www.kernel.org/doc/Documentation/security/Yama.txt
+ "kernel.yama.ptrace_scope" = "0";
 };
 boot.kernelPackages = pkgs.linuxPackages_latest;
diff --git a/m/lake2/configuration.nix b/m/lake2/configuration.nix
index 04627a8..2a29ae7 100644
--- a/m/lake2/configuration.nix
+++ b/m/lake2/configuration.nix
@@ -8,6 +8,10 @@
 boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53563a";
+ boot.kernel.sysctl = {
+ "kernel.yama.ptrace_scope" = lib.mkForce "1";
+ };
+
 environment.systemPackages = with pkgs; [
 ceph
 ];
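Review bot: The `lib.mkForce "1"` on bay's `kernel.yama.ptrace_scope` is only needed because the shared value added in m/common/base/boot.nix in this same commit is a plain assignment rather than `lib.mkDefault`; with the base lowered to a default, the host file could simply write `"kernel.yama.ptrace_scope" = "1";`, and mkForce would not silently win over any other module that later sets this key. The override also carries no comment on why this host keeps the restricted scope while the common base relaxes it, so a reader cannot tell whether the difference is deliberate or an oversight; a one-line `# Keep Yama restricted on this host: same-user ptrace lets one compromised process read another's memory` above the sysctl block would make the intent reviewable. The identical hunk in m/lake2/configuration.nix has the same two points.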
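Review bot: `"kernel.yama.ptrace_scope" = "0";` is a plain assignment while the sibling `kernel.perf_event_paranoid` line in the same attribute set uses `lib.mkDefault`, which is why the two host files in this commit have to reach for `lib.mkForce`; writing `"kernel.yama.ptrace_scope" = lib.mkDefault "0";` keeps the two keys consistent and lets hosts override with a plain value. The added comment states the convenience but not the cost: at scope 0 any process running as a user can attach to any other process of that user, so a single compromised process can read secrets held in memory by its siblings, which is the reason 1 is the usual shipped default; consider extending the comment with that trade-off so a later reader knows the relaxation is deliberate rather than accidental. The linked `Documentation/security/Yama.txt` looks like the older location of this document; in current kernel trees it lives at `Documentation/admin-guide/LSM/Yama.rst`, if I recall correctly, so the link is worth refreshing.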