SELinuxDenyPtrace: Write, compile, run, but don't debug applications?
Kevin Kofler
kevin.kofler at chello.at
Tue Apr 10 02:31:42 UTC 2012
Antonio Trande wrote:
> Maybe if deny_ptrace remains turn on by default already from F17 is good,
> i think.
No, keeping it off also in future releases is what "is good".
> Because of two reasons primarily:
>
> - Many "Fedora normal users" still don't know because SELinux is
> important, you image if someone be worried how to turn on a its boolean.
So you want to show Fedora users that SELinux is important by breaking the
crash reporting tools they use? That'll just tell them to disable SELinux
altogether (which is what I'll tell them to do if they come complaining to
#fedora-kde that DrKonqi does not work).
> - If this feature is turned off by default, less feedbacks will come back
> from comunity.
We already have enough feedback to know that the feature fundamentally does
not work.
Kevin Kofler
More information about the devel
mailing list