SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

Kevin Kofler kevin.kofler at
Tue Apr 10 02:31:42 UTC 2012

Antonio Trande wrote:
> Maybe if deny_ptrace remains turn on by default already from F17 is good,
> i think.

No, keeping it off also in future releases is what "is good".

> Because of two reasons primarily:
> - Many "Fedora normal users" still don't know because SELinux is
> important, you image  if someone be worried how to turn on a its boolean.

So you want to show Fedora users that SELinux is important by breaking the 
crash reporting tools they use? That'll just tell them to disable SELinux 
altogether (which is what I'll tell them to do if they come complaining to 
#fedora-kde that DrKonqi does not work).

> - If this feature is turned off by default, less feedbacks will come back
> from comunity.

We already have enough feedback to know that the feature fundamentally does 
not work.

        Kevin Kofler

More information about the devel mailing list