Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On Mon, Apr 09, 2012 at 04:55:27PM -0400, Daniel J Walsh wrote:

> And guess what I use these tools, and I just execute setsebool deny_ptrace 0
> anytime I need to strace or debug an application, then I turn it back on when
> I am done.

Are we able to determine that strace or gdb have been explicitly started 
by the user rather than from some more confined application?

Matthew Garrett | mjg59@xxxxxxxxxxxxx
devel mailing list

[Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Legacy Announce]     [Home]     [Fedora Tools]     [Fedora PHP Devel]     [Kernel List]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

Add to Google Powered by Linux