SELinuxDenyPtrace: Write, compile, run, but don't debug applications?
Frank Ch. Eigler
fche at redhat.com
Mon Apr 9 15:11:58 UTC 2012
dwalsh wrote:
> I thought I made this clear in my blogs and the feature page that I wanted
> this on deny_ptrace on by default.
> [...]
> https://fedoraproject.org/wiki/Features/SELinuxDenyPtrace
The version of this page that you last edited [1] (and presumably
as seen by FESCO) had this blurb:
The deny_ptrace boolean will deny all processes even the
unconfined_t domain from being able to ptrace other domains. Because
of this it will be optional and turned off by default
which seems easy to interpret as the opposite of "deny_ptrace on by default".
[1] https://fedoraproject.org/w/index.php?title=Features/SELinuxDenyPtrace&oldid=268413
- FChE
More information about the devel
mailing list