Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

[Daniel J Walsh]

On 04/09/2012 11:11 AM, Frank Ch. Eigler wrote:
> 
> dwalsh wrote:
> 
>> I thought I made this clear in my blogs and the feature page that I
>> wanted this on deny_ptrace on by default. [...] 
>> https://fedoraproject.org/wiki/Features/SELinuxDenyPtrace
> 
> The version of this page that you last edited [1] (and presumably as seen
> by FESCO) had this blurb:
> 
> The deny_ptrace boolean will deny all processes even the unconfined_t
> domain from being able to ptrace other domains. Because of this it will be
> optional and turned off by default
> 
> which seems easy to interpret as the opposite of "deny_ptrace on by
> default".
> 
> [1]
> https://fedoraproject.org/w/index.php?title=Features/SELinuxDenyPtrace&oldid=268413
>
>  - FChE
Ok, I guess I will have to fix this, and propose that we turn it on by default
in Fedora 18.
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel