SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

Michael Cronenworth mike at cchtml.com
Mon Apr 9 19:19:01 UTC 2012


John Reiser wrote:
> I reasonably require "gdb -p <pid>" (PTRACE_ATTACH) to work.  If you want
> to protect "people", then figure out some way to protect them yet allow me
> to do my work on a usual multi-user system.

They have figured out a way: It's controlled by a boolean.

You can disable (or enable) this feature at any time.


