On 04/09/2012 05:06 PM, Matthew Garrett wrote:
> On Mon, Apr 09, 2012 at 04:55:27PM -0400, Daniel J Walsh wrote:
>
>> And guess what I use these tools, and I just execute setsebool
>> deny_ptrace 0 anytime I need to strace or debug an application, then I
>> turn it back on when I am done.
>
> Are we able to determine that strace or gdb have been explicitly started by
> the user rather than from some more confined application?
>

We already block ptrace from almost every confined domain other than user domains.

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel