SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

Daniel J Walsh dwalsh at redhat.com
Mon Apr 9 15:40:34 UTC 2012


On 04/09/2012 11:11 AM, Frank Ch. Eigler wrote:
> 
> dwalsh wrote:
> 
>> I thought I made this clear in my blogs and the feature page that I
>> wanted this on deny_ptrace on by default. [...] 
>> https://fedoraproject.org/wiki/Features/SELinuxDenyPtrace
> 
> The version of this page that you last edited [1] (and presumably as seen
> by FESCO) had this blurb:
> 
> The deny_ptrace boolean will deny all processes even the unconfined_t
> domain from being able to ptrace other domains. Because of this it will be
> optional and turned off by default
> 
> which seems easy to interpret as the opposite of "deny_ptrace on by
> default".
> 
> [1]
> https://fedoraproject.org/w/index.php?title=Features/SELinuxDenyPtrace&oldid=268413
>
>  - FChE

Ok, I guess I will have to fix this, and propose that we turn it on by default
in Fedora 18.

