From 0283efcc0346196d00131d63b5df9f06ea38a2a7 Mon Sep 17 00:00:00 2001
From: Samuel FORESTIER
Date: Thu, 2 May 2024 19:01:57 +0000
Subject: [PATCH] Mentions `kernel.yama.ptrace_scope = 3` breaks lxc v6+ procfs

See and .
---
 sysctl.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sysctl.conf b/sysctl.conf
index fde6b53..27a8716 100644
--- a/sysctl.conf
+++ b/sysctl.conf
@@ -42,6 +42,8 @@ kernel.kptr_restrict = 2
 # - 1: only a parent process can be debugged
 # - 2: only admins can use ptrace (CAP_SYS_PTRACE capability required)
 # - 3: disables ptrace completely, reboot is required to re-enable ptrace
+# be aware disabling ptrace completely breaks lxc v6+ procfs emulation for unprivileged containers
+# (see https://github.com/lxc/lxcfs/issues/636)
 kernel.yama.ptrace_scope = 3
 # restrict kernel logs to root only
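Review bot: The added comment names `lxc v6+` while the link it cites is an issue in the lxcfs tracker, so a reader cannot tell from the hunk which component's version is meant; if the version qualifier refers to lxcfs (which provides the procfs emulation) rather than lxc, the first added line should say so, e.g. `# be aware disabling ptrace completely breaks lxcfs v6+ procfs emulation for unprivileged containers`. The file also keeps `kernel.yama.ptrace_scope = 3` despite documenting the breakage, and the list above it already states that 3 cannot be lowered without a reboot, so the comment would be more useful to an operator if it said what to set instead on a host that runs such containers — presumably one of the lower scopes listed above, but the hunk does not say which one still works, and the cited issue should be checked before naming it. Mentioning that the override is a deliberate trade-off, rather than leaving the caveat unresolved next to the hardened value, would prevent the comment from reading as a known-broken default.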