SELinuxDenyPtrace: Write, compile, run, but don't debug applications?
Daniel J Walsh
dwalsh at redhat.com
Tue Apr 10 01:18:13 UTC 2012
On 04/09/2012 05:06 PM, Matthew Garrett wrote:
> On Mon, Apr 09, 2012 at 04:55:27PM -0400, Daniel J Walsh wrote:
>
>> And guess what, I use these tools, and I just execute setsebool
>> deny_ptrace 0 anytime I need to strace or debug an application, then I
>> turn it back on when I am done.
>
> Are we able to determine that strace or gdb have been explicitly started by
> the user rather than from some more confined application?
>
We already block ptrace from almost every confined domain other than user domains.