ptrace_scope
Donate
ptrace_scope is a Linux kernel security setting (Yama) that controls which processes may trace other processes using ptrace. Restrictive defaults improve isolation but can block debuggers such as gdb. This page explains the setting, common errors, and how to change it when necessary.
Introduction
[edit]The kernel setting kernel.yama.ptrace_scope (often referred to as ptrace_scope) restricts the use of the ptrace system call. ptrace is commonly used by debuggers and troubleshooting tools to inspect or control another process. However, the same capability can also be abused to read sensitive data from other processes or to interfere with them.
More restrictive ptrace_scope values reduce the attack surface by limiting which processes can attach to which targets. In Kicksecure, this setting is configured with a restrictive value by default, which can cause debugging and certain diagnostics to fail with permission errors.
If you need to relax this setting temporarily for debugging, consider doing so only for the shortest time required, and restore the default afterwards. To check the current value, you can use sysctl kernel.yama.ptrace_scope or read /proc/sys/kernel/yama/ptrace_scope.
Error - Could not trace the inferior process warning
[edit]warning: Could not trace the inferior process.warning: ptrace: Operation not permitted
This is an intentional security setting by security-misc, but it can be undone.
1 Sysmaint Notice
- A If using
user-sysmaint-split: The user must boot into the sysmaint session. For details and instructions on how to do so, see user-sysmaint-split. - B If using unrestricted admin mode: This sysmaint notice does not apply. Continue with the steps below.
2 Open file /etc/sysctl.d/50_user.conf in an editor with administrative ("root") rights.
1 Select your platform.
2 Notes.
- Sudoedit guidance: See Open File with Root Rights for details on why using
sudoeditimproves security and how to use it. - Editor requirement: Close Featherpad (or the chosen text editor) before running the
sudoeditcommand.
3 Open the file with root rights.
sudoedit /etc/sysctl.d/50_user.conf
2 Notes.
- Sudoedit guidance: See Open File with Root Rights for details on why using
sudoeditimproves security and how to use it. - Editor requirement: Close Featherpad (or the chosen text editor) before running the
sudoeditcommand. - Template requirement: When using Kicksecure-Qubes, this must be done inside the Template.
3 Open the file with root rights.
sudoedit /etc/sysctl.d/50_user.conf
4 Notes.
- Shut down Template: After applying this change, shut down the Template.
- Restart App Qubes: All App Qubes based on the Template need to be restarted if they were already running.
- Qubes persistence: See also Qubes Persistence
- General procedure: This is a general procedure required for Qubes and is unspecific to Kicksecure-Qubes.
2 Notes.
- Example only: This is just an example. Other tools could achieve the same goal.
- Troubleshooting and alternatives: If this example does not work for you, or if you are not using Kicksecure, please refer to Open File with Root Rights.
3 Open the file with root rights.
sudoedit /etc/sysctl.d/50_user.conf
3 Paste the following.
Note: Or use another value as per kernel sysctl manual
.
kernel.yama.ptrace_scope=0
4 Re-generate dracut initial ramdisk. [1]
sudo dracut -f
5 Reboot.
sudo reboot
6 Done.
Forum Discussion
[edit]References
[edit]- ↑ Due to dracut early sysctl parsing.
A secure by default operating system with the latest security research in place.
At
Kicksecure we value freedom and trust, supporting Open Source and Freedom Software
2012-
2026 ENCRYPTED SUPPORT LLC
We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!