2012/4/9 Daniel J Walsh <dwa...@redhat.com> > On 04/09/2012 11:11 AM, Frank Ch. Eigler wrote: > > > > dwalsh wrote: > > > >> I thought I made this clear in my blogs and the feature page that I > >> wanted this on deny_ptrace on by default. [...] > >> https://fedoraproject.org/wiki/Features/SELinuxDenyPtrace > > > > The version of this page that you last edited [1] (and presumably as seen > > by FESCO) had this blurb: > > > > The deny_ptrace boolean will deny all processes even the unconfined_t > > domain from being able to ptrace other domains. Because of this it will > be > > optional and turned off by default > > > > which seems easy to interpret as the opposite of "deny_ptrace on by > > default". > > > > [1] > > > https://fedoraproject.org/w/index.php?title=Features/SELinuxDenyPtrace&oldid=268413 > > > > - FChE > Ok, I guess I will have to fix this, and propose that we turn it on by > default > in Fedora 18. > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel >
Maybe if deny_ptrace remains turn on by default already from F17 is good, i think. Because of two reasons primarily: - Many "Fedora normal users" still don't know because SELinux is important, you image if someone be worried how to turn on a its boolean. - Although someone is interested to it, will think that it is not as important if disabled on default. Also: - If this feature is turned off by default, less feedbacks will come back from comunity. In any case i will advice to active it if necessary. My two cents. :) Regards. -- *Antonio Trande "Fedora Ambassador" **mail*: mailto:sagit...@fedoraproject.org <sagit...@fedoraproject.org> *Homepage*: http://www.fedora-os.org *Sip Address* : sip:sagitter AT ekiga.net *Jabber <http://jabber.org/>* :sagitter AT jabber.org *GPG Key: 19E6DF27*
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
