SELinuxDenyPtrace: Write, compile, run, but don't debug applications?
Michael Cronenworth
mike at cchtml.com
Mon Apr 9 19:19:01 UTC 2012
John Reiser wrote:
> I reasonably require "gdb -p <pid>" (PTRACE_ATTACH) to work. If you want
> to protect "people", then figure out some way to protect them yet allow me
> to do my work on a usual multi-user system.
They have figured out a way: It's controlled by a boolean.
You can disable (or enable) this feature at any time.
More information about the devel
mailing list