# These are some recommended defaults that users can alter if needed.
# For example, developer systems may want to enable kexec for kernel
# testing, or disable the ptrace restrictions to be able to gdb attach
# to processes without root.
#
# To replace, create a file of the same name in /etc/sysctl.d.

# Avoid kernel memory address exposures via dmesg.
kernel.dmesg_restrict=1

# Turn off kexec, even if it's built in.
kernel.kexec_load_disabled=1

# Avoid non-ancestor ptrace access to running processes and their credentials.
kernel.yama.ptrace_scope=1