Update workstation sysctl

etc/sysctl.d/99-workstation.conf

@@ -3,7 +3,8 @@
 dev.tty.ldisc_autoload = 0
 
 # https://access.redhat.com/solutions/1985633
-# Seems dangerous
+# Seems dangerous.
+# Roseta need this though, so if you use it comment this out.
 fs.binfmt_misc.status = 0
 
 # https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-userspace
@@ -14,7 +15,7 @@ fs.protected_symlinks = 1
 fs.protected_hardlinks = 1
 
 # https://madaidans-insecurities.github.io/guides/linux-hardening.html#core-dumps
-# Disable coredumps
+# Disable coredumps.
 # For additional safety, disable coredumps using ulimit and systemd too.
 kernel.core_pattern=|/bin/false
 fs.suid_dumpable = 0
@@ -42,8 +43,6 @@ net.core.bpf_jit_harden = 2
 kernel.unprivileged_userns_clone = 1
 
 # Disable ptrace. Not needed on workstations.
-# Also, the Debian gVisor package from Google will just take priority over this with their
-# /etc/sysctl.d/999-gvisor.conf file.
 kernel.yama.ptrace_scope = 3
 
 # https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl