From dfb7ea6fd111764405a20fcfd57fc1642817efec Mon Sep 17 00:00:00 2001
From: Aneesh Agrawal <aneeshusa@gmail.com>
Date: Sat, 8 Oct 2016 10:49:58 -0400
Subject: [PATCH] kernel: Document Yama implications in release notes

---
 nixos/doc/manual/release-notes/rl-1703.xml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/nixos/doc/manual/release-notes/rl-1703.xml b/nixos/doc/manual/release-notes/rl-1703.xml
index 9bc42edb49bc..c1107977db79 100644
--- a/nixos/doc/manual/release-notes/rl-1703.xml
+++ b/nixos/doc/manual/release-notes/rl-1703.xml
@@ -43,6 +43,15 @@ following incompatible changes:</para>
       <literal>radicale</literal>.
     </para>
   </listitem>
+
+  <listitem>
+    <para>
+      The Yama LSM is now enabled by default in the kernel,
+      which prevents ptracing non-child processes.
+      This means you will not be able to attach gdb to an existing process,
+      but will need to start that process from gdb (so it is a child).
+    </para>
+  </listitem>
 </itemizedlist>