mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-07-06 16:30:39 +07:00
3559bc86b7
Change from exactwhitelist to matchwhitelist. Discussion revealed that there's a good reason to leave setgid in here, which is essentially defense-in-depth (sometimes users may want to revert Kicksecure's default of kernel.yama.ptrace_scope=2, e.g. to debug a program, and Kicksecure should not be less secure than vanilla Debian in that situation).