e35a6e7c73
Put jenkins_master into jenkins::master and jenkins_job_builder into jenkins::job_builder and jenkins_slave into jenkins::slave. Change-Id: Icb0e3071894730c17d8f36f49e9d34979d9c568e Reviewed-on: https://review.openstack.org/11249 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
25 lines
1.3 KiB
Plaintext
25 lines
1.3 KiB
Plaintext
# This file is managed by puppet.
|
|
#
|
|
# The PTRACE system is used for debugging. With it, a single user process
|
|
# can attach to any other dumpable process owned by the same user. In the
|
|
# case of malicious software, it is possible to use PTRACE to access
|
|
# credentials that exist in memory (re-using existing SSH connections,
|
|
# extracting GPG agent information, etc).
|
|
#
|
|
# A PTRACE scope of "0" is the more permissive mode. A scope of "1" limits
|
|
# PTRACE only to direct child processes (e.g. "gdb name-of-program" and
|
|
# "strace -f name-of-program" work, but gdb's "attach" and "strace -fp $PID"
|
|
# do not). The PTRACE scope is ignored when a user has CAP_SYS_PTRACE, so
|
|
# "sudo strace -fp $PID" will work as before. For more details see:
|
|
# https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace
|
|
#
|
|
# For applications launching crash handlers that need PTRACE, exceptions can
|
|
# be registered by the debugee by declaring in the segfault handler
|
|
# specifically which process will be using PTRACE on the debugee:
|
|
# prctl(PR_SET_PTRACER, debugger_pid, 0, 0, 0);
|
|
#
|
|
# In general, PTRACE is not needed for the average running Ubuntu system.
|
|
# To that end, the default is to set the PTRACE scope to "1". This value
|
|
# may not be appropriate for developers or servers with only admin accounts.
|
|
kernel.yama.ptrace_scope = 0
|