Yama: add PR_SET_PTRACER_ANY
For a process to entirely disable ptrace restrictions, it can use the
special PR_SET_PTRACER_ANY pid to indicate that any otherwise allowed
process may ptrace it. This is stronger than calling PR_SET_PTRACER with
pid "1" because it includes processes in external pid namespaces.
BUG=chromium-os:25271
TEST=x86-alex build, boot, passes updated security_ptraceRestrictions.
STATUS=Fixed
Change-Id: I7a09a388f7b9b528cada04c752174edba2cf18ea
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/14602
Reviewed-by: Mandeep Singh Baines <msb@chromium.org>
Reviewed-by: Olof Johansson <olofj@chromium.org>