dwalsh wrote: > I thought I made this clear in my blogs and the feature page that I wanted > this on deny_ptrace on by default. > [...] > https://fedoraproject.org/wiki/Features/SELinuxDenyPtrace
The version of this page that you last edited [1] (and presumably as seen by FESCO) had this blurb: The deny_ptrace boolean will deny all processes even the unconfined_t domain from being able to ptrace other domains. Because of this it will be optional and turned off by default which seems easy to interpret as the opposite of "deny_ptrace on by default". [1] https://fedoraproject.org/w/index.php?title=Features/SELinuxDenyPtrace&oldid=268413 - FChE -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
